CVE-2026-54588

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.6 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L                                    

Vulnerability Description

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An unauthenticated attacker can poison the `redirect_uri` sent to the Identity Provider, causing the IdP to redirect the victim's authorization code to an attacker-controlled server - resulting in full account takeover with no credentials required. Versions 4.2.4 and 4.3.3 patch the issue.

Vulnerability Details

Published Date

June 23, 2026

Last Modified

June 23, 2026

CWE ID

CWE-20

Source

NVD

Vendor

poweradmin

Product

poweradmin

External References

https://github.com/poweradmin/poweradmin/releases/tag/v4.2.4
https://github.com/poweradmin/poweradmin/releases/tag/v4.3.3
https://github.com/poweradmin/poweradmin/security/advisories/GHSA-3735-5339-xfwx

CVE-2026-54588

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment