Description

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file directives (e.g. $INCLUDE) into the zone file that gets written to disk when the DNS rebuild cron job runs. This issue has been patched in version 2.3.5.

INFO

Published Date :

2026-03-24T18:46:13.137Z

Last Modified :

2026-03-25T13:31:13.459Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-30932 vulnerability.

Vendors Products
Froxlor
  • Froxlor
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-30932.

URL Resource
https://github.com/froxlor/froxlor/commit/b34829262dc32818b37f6a1eabb426d0b277a86b cve-icon cve-icon
https://github.com/froxlor/froxlor/releases/tag/2.3.5 cve-icon cve-icon
https://github.com/froxlor/froxlor/security/advisories/GHSA-x6w6-2xwp-3jh6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact