CVE-2026-41230 Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add()

Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g.,...