CVE-2026-54588

creationtimestamp| type| source ---|---|--- 2026-06-23 23:50:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moylpvwyu22t 2026-06-24 17:04:44+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mp2fjn4xgw2o...

CVE-2026-54588

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled HTTPHOST request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An...