SB20260427159 - Improper Neutralization of Special Elements in Output Used by a Downstream Component in Froxlor




Published: April 27, 2026

Security Bulletin ID: SB20260427159
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2026-30932)

The vulnerability allows a remote user to inject arbitrary DNS records, disclose sensitive information, and cause a denial of service.

The vulnerability exists due to improper neutralization of special elements in output used by a downstream component in the DomainZones.add API endpoint and BIND zone file generation when processing unsanitized DNS record content for LOC, RP, SSHFP, and TLSA records. A remote user can submit crafted DNS record content containing newline characters and BIND directives to inject arbitrary DNS records, disclose sensitive information, and cause a denial of service.

Exploitation requires DNS management to be enabled for the customer account, and the injected content is written to disk when the DNS rebuild cron job runs.
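
The class of check that closes this gap, as an added example (not Froxlor's code or its patch): validate the content of LOC, RP, SSHFP and TLSA records against a strict per-type grammar before it can reach a zone file. The grammars are simplified assumptions, and the function names and sample inputs are hypothetical.

```python
import re

# Simplified per-type grammars (assumption: loosely based on RFC 1876, 1183,
# 4255 and 6698). Fields are separated by one literal space, so CR, LF, tab,
# '$', ';', '(' and ')' can never be part of accepted content.
_NAME = r"(?:\.|[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*\.?)"
_DMS = r"(?: [0-9]{1,2}(?: [0-9]{1,2}(?:\.[0-9]{1,3})?)?)?"
_LEN = r"[0-9]{1,8}(?:\.[0-9]{1,2})?m?"
GRAMMAR = {
    "SSHFP": re.compile(r"[0-9]{1,3} [0-9]{1,3} [0-9A-Fa-f]+"),
    "TLSA": re.compile(r"[0-9]{1,3} [0-9]{1,3} [0-9]{1,3} [0-9A-Fa-f]+"),
    "RP": re.compile(_NAME + " " + _NAME),
    "LOC": re.compile(
        r"[0-9]{1,2}" + _DMS + r" [NS] [0-9]{1,3}" + _DMS + r" [EW] -?" + _LEN
        + r"(?: " + _LEN + r"){0,3}"
    ),
}


def validate_record_content(rtype, content):
    """Return (ok, reason) for one record's content field (hypothetical helper)."""
    if rtype not in GRAMMAR:
        return False, "unsupported type"
    # Reject control characters first so the reason is explicit in logs.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in content):
        return False, "control character"
    # fullmatch, not match with '$': '$' also matches before a trailing "\n".
    if GRAMMAR[rtype].fullmatch(content) is None:
        return False, "grammar mismatch"
    return True, "ok"


def naive_sshfp_check(content):
    """Pitfall shown for contrast: accepts content that ends in a newline."""
    return re.match(r"^[0-9]+ [0-9]+ [0-9A-Fa-f]+$", content) is not None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the bulletin.
    samples = [
        ("SSHFP", "1 1 dd465c09cfa51fb45020cc83316fff21b9ec74ac"),
        ("LOC", "42 21 54 N 71 06 18 W -24m 30m"),
        ("TLSA", "3 1 1 abcdef\nwww IN A 192.0.2.1"),
    ]
    for rtype, content in samples:
        print(rtype, repr(content), validate_record_content(rtype, content))
```

The same validation belongs at both the API input and the zone file writer, since the bulletin places the flaw in both.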


Remediation

Install the update from the vendor's website.