
5 matches found

Vulnrichment
added 2026/04/23 4:0 a.m. | 1 view

CVE-2026-41233 Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add()

Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customers_see_all permission. This allows a reseller to attribute newly created...

CVSS 5.4 | AI score 5.8 | EPSS 0.00053
Exploits: 1 | References: 3

CVE
added 2026/04/23 4:0 a.m. | 4 views

CVE-2026-41233

Froxlor CVE-2026-41233 affects the Domains.add() flow prior to version 2.3.6. The adminid parameter is taken from user input and used without validation when the caller lacks customers_see_all, allowing a reseller to attribute newly created domains to another admin. This bypasses the reseller’s o...

CVSS 5.4 | AI score 5.8 | EPSS 0.00053
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2026/04/23 4:0 a.m. | 4 views

EUVD-2026-25188

Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customers_see_all permission. This allows a reseller to attribute newly created...

CVSS 5.4 | AI score 5.8 | EPSS 0.00053
Exploits: 1 | References: 3

CNNVD
added 2026/04/23 12:0 a.m. | 8 views

Froxlor Security Vulnerability

Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor prior to 2.3.6 contained security vulnerabilities. These vulnerabilities stemmed from the use of the adminid parameter in Domains.add without verification, allowing administrators to assi...

CVSS 5.4 | AI score 5.8 | EPSS 0.00053
Exploits: 1 | References: 1

Github Security Blog
added 2026/04/16 12:46 a.m. | 5 views

Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add()

Summary: In Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customers_see_all permission. This allows a reseller to attribute newly created domains to any other admin, bypassing their own domain quota since the...

CVSS 5.4 | AI score 5.9 | EPSS 0.00053
Exploits: 1 | References: 5 | Affected Software: 1