Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-0396
PUBLISHED
More InfoOfficial Page
Assigner-OX
Assigner Org ID-8ce71d90-2354-404b-a86e-bec2cc4e6981
View Known Exploited Vulnerability (KEV) details
Published At-31 Mar, 2026 | 11:50
Updated At-31 Mar, 2026 | 13:21
Rejected At-
▼CVE Numbering Authority (CNA)
HTML injection in the web dashboard

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.

Affected Products
Vendor
PowerDNS
Product
DNSdist
Collection URL
https://repo.powerdns.com/
Package Name
dnsdist
Repo
https://github.com/PowerDNS/pdns
Modules
  • Web Dashboard
Program Files
  • html/local.js
Default Status
unaffected
Versions
Affected
  • From 1.9.0 before 1.9.12 (semver)
  • From 2.0.0 before 2.0.3 (semver)
Problem Types
TypeCWE IDDescription
CWEImproperImproper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Type: CWE
CWE ID: Improper
Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Metrics
VersionBase scoreBase severityVector
3.13.1LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Aisle Research
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
N/A
Hyperlink: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-80CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Type: CWE
CWE ID: CWE-80
Description: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found