Vulnerability in Powerdns Dnsdist
CVE-2026-0396
An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or Dy…
EPSS: 0.000 (0.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.1 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N.
Affected products
- Powerdns Dnsdist — versions 1.9.0, 2.0.0
References
Frequently asked questions
- What is CVE-2026-0396?
- CVE-2026-0396 is a low-severity vulnerability in Powerdns Dnsdist. CVSS score: 3.1/10. Published 2026-03-31.
- How severe is CVE-2026-0396?
- Low severity. CVSS v3 base score is 3.1 out of 10.