Description

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration of the Cross-Origin Resource Sharing (CORS) policy.

INFO

Published Date :

2026-03-31T11:53:13.444Z

Last Modified :

2026-03-31T13:20:22.473Z

Source :

OX
AFFECTED PRODUCTS

The following products are affected by CVE-2026-0397 vulnerability.

Vendors Products
Powerdns
  • Dnsdist
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-0397.

URL Resource
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact