Improper Neutralization of Special Elements in Output Used by a Downstream Component in Froxlor - CVE-2026-30932

Published: April 27, 2026

Vulnerability identifier: #VU128194
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-30932
CWE-ID: CWE-74
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: froxlor
Affected software:
Froxlor

Detailed vulnerability description

The vulnerability allows a remote user to inject arbitrary DNS records, disclose sensitive information, and cause a denial of service.

The vulnerability exists due to improper neutralization of special elements in output used by a downstream component: the DomainZones.add API endpoint and the BIND zone file generation accept unsanitized DNS record content for LOC, RP, SSHFP, and TLSA records. A remote user can submit crafted record content containing newline characters and BIND directives to inject arbitrary DNS records, disclose sensitive information, and cause a denial of service.

Exploitation requires DNS management to be enabled for the customer account, and the injected content is written to disk when the DNS rebuild cron job runs.
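As an added illustration (not Froxlor's code) of the kind of input check that stops this injection class before record content reaches a zone file: it rejects control characters and BIND `$`-directives and enforces a simplified per-type shape. The per-type regexes are assumed approximations of the RFC grammars, and the owner name is assumed to be validated elsewhere.

```python
import re

# Constructed defensive validator: record content must stay a single, well-formed
# zone-file field so it cannot introduce extra records or zone directives.
BIND_DIRECTIVE = re.compile(r"\$(INCLUDE|ORIGIN|TTL|GENERATE)\b", re.I)
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")  # covers CR, LF, tabs, NUL

HEX = r"[0-9A-Fa-f]+"
# Simplified (assumed) shapes for the four affected record types.
FORMATS = {
    # SSHFP: algorithm, fingerprint type, hex fingerprint
    "SSHFP": re.compile(rf"^[1-4] [12] {HEX}$"),
    # TLSA: usage, selector, matching type, hex certificate data
    "TLSA": re.compile(rf"^[0-3] [01] [0-2] {HEX}$"),
    # RP: mailbox domain name and TXT domain name, no embedded whitespace
    "RP": re.compile(r"^[A-Za-z0-9._-]+ [A-Za-z0-9._-]+$"),
    # LOC: deg [min [sec]] N|S, deg [min [sec]] E|W, altitude, optional size/precision
    "LOC": re.compile(
        r"^\d{1,2}( \d{1,2}( \d{1,2}(\.\d+)?)?)? [NS] "
        r"\d{1,3}( \d{1,2}( \d{1,2}(\.\d+)?)?)? [EW] "
        r"-?\d+(\.\d+)?m?( \d+(\.\d+)?m?){0,3}$"
    ),
}


def validate_record_content(rtype, content):
    """Return (ok, reason) for one record's content field."""
    rtype = rtype.upper()
    if rtype not in FORMATS:
        return False, f"unsupported record type {rtype}"
    if CONTROL_CHARS.search(content):
        return False, "control character in record content"
    if BIND_DIRECTIVE.search(content):
        return False, "BIND directive in record content"
    if not FORMATS[rtype].fullmatch(content.strip()):
        return False, f"content does not match {rtype} syntax"
    return True, "ok"


def render_record(name, ttl, rtype, content):
    """Render one zone-file line, refusing unsafe content instead of writing it."""
    ok, reason = validate_record_content(rtype, content)
    if not ok:
        raise ValueError(reason)
    return f"{name}\t{ttl}\tIN\t{rtype.upper()}\t{content.strip()}"
```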


How to mitigate CVE-2026-30932

Install the security update from the vendor's website.

Sources