Zero Day MonitorZDM

← Back to list

3.1

CVE-2026-0396PATCHED

PowerDNS · DNSdist

HTML injection in the web dashboard

Description

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.

Affected Products

Vendor	Product	Versions
PowerDNS	DNSdist	1.9.0, 2.0.0

References

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html

Related News (3 articles)

Tier C

VulDB7h ago

CVE-2026-0396 | PowerDNS DNSdist up to 1.9.11/2.0.2 injection

→ No new info (linked only)

Tier C

oss-security7h ago

PowerDNS Security Advisory 2026-02 for DNSdist: Multiple issues

→ No new info (linked only)

Tier B

BSI Advisories8h ago

[NEU] [hoch] PowerDNS: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.13.1 LOW

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available1.9.12, 2.0.3

PublishedMar 31, 2026

Last enriched6h agov3

Trending Score36

Source articles3

Independent3

Info Completeness8/14

Missing: epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-24028EXP

Out-of-bounds read when parsing DNS packets via Lua

MEDIUMCVE-2026-24029EXP

DNS over HTTPS ACL bypass

MEDIUMCVE-2026-27853EXP

Out-of-bounds write when rewriting large DNS packets

MEDIUMCVE-2026-24030

Unbounded memory allocation for DoQ and DoH3

MEDIUMCVE-2026-27854

Use after free when parsing EDNS options in Lua

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 31, 2026

Discovered by ZDM

Mar 31, 2026

Updated: cweIds

Mar 31, 2026

Updated: affectedVersions, severity

Mar 31, 2026

Patch Available

Mar 31, 2026

Version History

v3

Last enriched 6h ago

v3Tier C6h ago

Updated affected versions to include 1.9.11 and 2.0.2, changed severity to MEDIUM, and noted that no exploit exists.

affectedVersionsseverity

via VulDB

v2Tier C7h ago

Added CWE-79, marked exploit as available, and noted that the vulnerability is actively exploited.

cweIds

via oss-security

v17h ago

Initial creation