PatchSiren cyber security CVE debrief
CVE-2026-41234 froxlor CVE debrief
CVE-2026-41234 is a HIGH severity vulnerability in the Froxlor server administration software. An authenticated customer with DNS editing enabled can submit TXT record values containing newline characters through the `DomainZones.add` API endpoint. The DNS rebuild cron writes those values verbatim into the zone file on disk, so the extra lines are parsed as arbitrary BIND directives and DNS records. The issue exists because the fix for CVE-2026-30932 was incomplete; version 2.3.7 contains a corrected patch.
- Vendor
- froxlor
- Product
- Unknown
- CVSS
- HIGH 7.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Administrators of Froxlor installations, in particular hosting providers that allow customers to edit DNS, should be aware of this vulnerability and upgrade to version 2.3.7 or later.
Technical summary
The `DomainZones.add` API endpoint in Froxlor prior to version 2.3.7 does not reject newline characters in TXT record content. An authenticated customer with DNS editing enabled can therefore store a TXT value that spans several lines; when the DNS rebuild cron renders the zone file, each embedded line is emitted as its own zone-file line and interpreted as a BIND directive or DNS record of the attacker's choosing. The attack crosses a privilege boundary: a customer-level account ends up controlling content of a server-wide zone file. The earlier fix for CVE-2026-30932 addressed the same bug class but did not cover this path.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to Froxlor version 2.3.7 or later.
- Until the upgrade is done, review which customer accounts have DNS editing enabled, since that setting is what grants access to `DomainZones.add`, and disable it where it is not needed.
- Inspect the zone files written by the DNS rebuild cron for directives or records that do not correspond to entries in the panel, and review stored TXT records for embedded newline characters.
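The following is an added example, not Froxlor code, illustrating the bug class in the technical summary and the zone-file check suggested above. It assumes a simplified zone-file layout, a constructed record list, and the helper names used here; the injected TXT value is constructed for the example and closes the quoted string, adds a `$TTL` directive and an extra A record, then comments out the renderer's closing quote with `;`.

```python
"""Newline injection into a BIND zone file via a TXT record value.

Constructed illustration; not Froxlor code. The zone-file layout, record
list and helper names are assumptions for this example.
"""
import re

# Any ASCII control character, CR and LF included. A TXT value is written to
# exactly one zone-file line, so none of these belong in it.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

ZONE_ORIGIN = "example.com"

# Constructed records. The TXT value carries the injection: it closes the
# quoted string, adds a directive and a record, and hides the trailing quote
# the renderer appends behind a ';' comment.
RECORDS = [
    ("@", "A", "192.0.2.10"),
    ("@", "TXT", 'v=spf1 -all"\n$TTL 60\nevil\tIN\tA\t192.0.2.99\t; "'),
]

# Constructed benign records, including ';' and '"' inside a TXT value,
# which a correct renderer must keep on one line.
SAFE_RECORDS = [
    ("@", "A", "192.0.2.10"),
    ("@", "TXT", 'v=DMARC1; p=reject; note="x"'),
]


def render_zone_unsafe(origin, records):
    """Vulnerable renderer: interpolates content verbatim, so a value
    containing newlines emits extra zone-file lines (the CVE's bug class)."""
    lines = [f"$ORIGIN {origin}."]
    for name, rtype, content in records:
        if rtype == "TXT":
            content = f'"{content}"'
        lines.append(f"{name}\tIN\t{rtype}\t{content}")
    return "\n".join(lines) + "\n"


def is_valid_txt_content(content):
    """Input check: a TXT value must not contain any control character."""
    return CONTROL_CHARS.search(content) is None


def render_zone_safe(origin, records):
    """Hardened renderer: rejects control characters and escapes backslashes
    and double quotes, so the TXT value stays a single quoted token."""
    lines = [f"$ORIGIN {origin}."]
    for name, rtype, content in records:
        if rtype == "TXT":
            if not is_valid_txt_content(content):
                raise ValueError("TXT content must not contain control characters")
            content = content.replace("\\", "\\\\").replace('"', '\\"')
            content = f'"{content}"'
        lines.append(f"{name}\tIN\t{rtype}\t{content}")
    return "\n".join(lines) + "\n"


def strip_comment(line):
    """Drop a ';' comment, but ignore ';' inside a quoted TXT string."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            return line[:i]
    return line


def zone_lines(zone_text):
    """Split a rendered zone into (directives, records), dropping comments
    and blank lines, for an after-the-fact check of what was written."""
    directives, records = [], []
    for raw in zone_text.splitlines():
        line = strip_comment(raw).rstrip()
        if not line.strip():
            continue
        (directives if line.startswith("$") else records).append(line)
    return directives, records


def rebuild_check(origin, records):
    """Compare the record lines the unsafe renderer writes with the number of
    records the panel holds; a surplus means lines were injected."""
    directives, written = zone_lines(render_zone_unsafe(origin, records))
    return {"expected": len(records), "written": len(written), "directives": directives}


if __name__ == "__main__":
    print(render_zone_unsafe(ZONE_ORIGIN, RECORDS))
    print(rebuild_check(ZONE_ORIGIN, RECORDS))
    print(render_zone_safe(ZONE_ORIGIN, SAFE_RECORDS))
```

Running the block shows two records from the panel becoming three record lines plus an extra `$TTL` directive in the written zone, while the hardened renderer refuses the same value and still writes the benign DMARC record, `;` and quotes included, on a single line. The same counting check can be run against a real zone file produced by the rebuild cron by comparing it with the panel's record count.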
Evidence notes
CVE-2026-41234 has a CVSS score of 7.6 and is considered HIGH severity. The vulnerability was published on 2026-06-04T19:16:28.963Z and modified on 2026-06-05T15:09:21.430Z.