CVE-2026-54588 | Poweradmin is a web-based DNS administration tool for PowerD… | CVSS 9.6 CRITICAL

Description

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An unauthenticated attacker can poison the `redirect_uri` sent to the Identity Provider, causing the IdP to redirect the victim's authorization code to an attacker-controlled server - resulting in full account takeover with no credentials required. Versions 4.2.4 and 4.3.3 patch the issue.

Metadata

CVE ID: CVE-2026-54588
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-06-15 19:15 UTC
Published: 2026-06-23 22:09 UTC
Last updated: 2026-06-23 22:09 UTC
Primary CWE: CWE-20
CWE-20: Improper Input Validation
Vendor / Product: poweradmin / poweradmin
Sources: cve.org · NVD

Severity & Metrics

9.6 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

Affected products (1)

Vendor	Product	Platform	Versions
poweradmin	poweradmin	—	< 4.2.4, >= 4.3.0, < 4.3.3

Weakness (CWE)

CWE	Source	Description
CWE-20	cna	CWE-20: Improper Input Validation
CWE-601	cna	CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.6	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

References (3)

https://github.com/poweradmin/poweradmin/security/advisories/GHSA-3735-5339-xfwx https://github.com/poweradmin/poweradmin/security/advisories/GHSA-3735-5339-xfwx
https://github.com/poweradmin/poweradmin/releases/tag/v4.2.4 https://github.com/poweradmin/poweradmin/releases/tag/v4.2.4
https://github.com/poweradmin/poweradmin/releases/tag/v4.3.3 https://github.com/poweradmin/poweradmin/releases/tag/v4.3.3