CVE-2026-54588
Deferred Deferred - Pending Action

Open Redirect in Poweradmin DNS Administration Tool

Vulnerability report for CVE-2026-54588, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-23

Last updated on: 2026-06-24

Assigner: GitHub, Inc.

Description

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An unauthenticated attacker can poison the `redirect_uri` sent to the Identity Provider, causing the IdP to redirect the victim's authorization code to an attacker-controlled server - resulting in full account takeover with no credentials required. Versions 4.2.4 and 4.3.3 patch the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-23
Last Modified
2026-06-24
Generated
2026-07-15
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-14
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
poweradmin poweradmin to 4.2.4|end_excluding=4.3.3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability allows an unauthenticated attacker to perform a full account takeover without credentials by exploiting the unvalidated use of the HTTP_HOST header in authentication flows. Such unauthorized access can lead to exposure or manipulation of sensitive data.

As a result, organizations using affected versions of Poweradmin may face compliance risks with standards like GDPR and HIPAA, which require protection of personal and sensitive information against unauthorized access.

Failure to patch this vulnerability could lead to violations of confidentiality and integrity requirements mandated by these regulations.

Executive Summary

This vulnerability exists in Poweradmin, a web-based DNS administration tool for PowerDNS server, in versions prior to 4.2.4 and 4.3.3. The issue arises because the software uses the attacker-controlled HTTP_HOST request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without validating it.

An unauthenticated attacker can exploit this by poisoning the redirect_uri sent to the Identity Provider (IdP). This causes the IdP to redirect the victim's authorization code to a server controlled by the attacker, which can lead to a full account takeover without requiring any credentials.

The vulnerability is patched in versions 4.2.4 and 4.3.3 of Poweradmin.

Impact Analysis

This vulnerability can have severe impacts because it allows an unauthenticated attacker to take over user accounts without needing any credentials.

Specifically, by poisoning the redirect_uri in authentication flows, the attacker can intercept authorization codes and gain full control over affected accounts.

This can lead to unauthorized access to sensitive DNS administration functions, potentially compromising the integrity and availability of DNS services managed by Poweradmin.

Mitigation Strategies

To mitigate this vulnerability, upgrade Poweradmin to version 4.2.4 or 4.3.3, as these versions contain patches that fix the issue with the unvalidated HTTP_HOST header.

Detection Guidance

This vulnerability involves the improper validation of the HTTP_HOST header in Poweradmin versions prior to 4.2.4 and between 4.3.0 and 4.3.2. Detection can focus on identifying requests with manipulated or unusual HTTP_HOST headers targeting the affected authentication callback URLs (OIDC, SAML, logout flows).

To detect potential exploitation attempts on your network or system, you can monitor HTTP requests to the Poweradmin server for suspicious or unexpected HTTP_HOST header values that differ from your legitimate domain or configured base URL.

  • Use network packet capture tools like tcpdump or Wireshark to filter HTTP requests with suspicious Host headers.
  • Example tcpdump command to capture HTTP Host headers: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'Host:'
  • Use web server access logs to search for unusual Host header values or redirect_uri parameters in URLs related to authentication flows.
  • Example grep command on Apache/Nginx logs: grep -i 'Host:' /var/log/nginx/access.log | grep -v 'your-legitimate-domain.com'
  • Check for unexpected redirect_uri parameters in URLs by searching logs for patterns like 'redirect_uri=' or 'callback_url=' with domains not matching your configured base URL.

Additionally, ensure your Poweradmin configuration has the interface.base_url set to enforce safe URL construction, which mitigates this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54588. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart