PatchSiren cyber security CVE debrief

CVE-2026-54588 poweradmin CVE debrief

CVE-2026-54588 is a critical vulnerability in Poweradmin, a web-based DNS administration tool. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled HTTP_HOST request header when building callback URLs. An unauthenticated attacker can use this to poison the redirect_uri sent to the Identity Provider, so that the IdP redirects the victim's authorization code to an attacker-controlled server, which results in full account takeover with no credentials required. The vulnerability has a CVSS score of 9.6 and is rated critical. Versions 4.2.4 and 4.3.3 patch the issue.

Vendor: poweradmin
Product: Unknown
CVSS: CRITICAL 9.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-25
Advisory published: 2026-06-23
Advisory updated: 2026-06-25

Who should care

Administrators and users of Poweradmin versions prior to 4.2.4 and 4.3.3 should patch their systems immediately. Because the flaw can be exploited by an unauthenticated attacker, it is a high-priority issue. Security teams and researchers should also track this vulnerability so they can monitor for exploitation attempts.

Technical summary

The vulnerability lies in Poweradmin's OIDC, SAML, and logout authentication flows, which use the attacker-controlled HTTP_HOST request header as the authoritative source for building callback URLs without validating it. An unauthenticated attacker can therefore cause the victim's authorization code to be redirected to an attacker-controlled server, resulting in full account takeover. The issue is patched in versions 4.2.4 and 4.3.3.

Defensive priority

This vulnerability has a high defensive priority due to its critical CVSS score and the potential for unauthenticated exploitation. Immediate patching of affected systems is recommended.

Recommended defensive actions

  • Patch Poweradmin to version 4.2.4 or 4.3.3
  • Monitor for potential exploitation attempts
  • Review and update authentication flows to ensure secure configuration
  • Implement additional security measures, such as web application firewalls and intrusion detection systems
  • Conduct thorough vulnerability assessments and penetration testing
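The following is an added example, not Poweradmin's code, illustrating the root cause in the technical summary and the monitoring action above: a callback URL built from the client-supplied Host header, beside a hardened version that uses a configured canonical base and a Host allowlist, plus a small detector over constructed access-log lines. The allowlist, base URL, log format and the /oidc, /saml and /logout paths are assumptions for the example.

```python
# Constructed values for this example; not Poweradmin's real settings.
ALLOWED_HOSTS = {"dns.example.org", "dns.example.org:8443"}
CANONICAL_BASE = "https://dns.example.org"


def callback_url_vulnerable(headers, path):
    """The flawed pattern: the client-supplied Host header decides where
    the IdP will send the authorization code back to."""
    scheme = "https" if headers.get("X-Forwarded-Proto") == "https" else "http"
    return f"{scheme}://{headers.get('Host', '')}{path}"


def callback_url_hardened(headers, path):
    """Build redirect_uri from a configured canonical base only.
    The Host header is checked against an allowlist and otherwise rejected,
    so a poisoned header cannot change the redirect target."""
    host = headers.get("Host", "").lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"untrusted Host header: {host!r}")
    if not path.startswith("/") or path.startswith("//"):
        raise ValueError("callback path must be site-relative")
    return CANONICAL_BASE + path


def flag_untrusted_hosts(log_lines):
    """Detection: return (client, host) for auth-flow requests whose Host
    header is not on the allowlist. Log format is constructed:
    'client host path', one request per line."""
    hits = []
    for line in log_lines:
        client, host, path = line.split()
        is_auth_flow = path.startswith(("/oidc", "/saml", "/logout"))
        if is_auth_flow and host.lower() not in ALLOWED_HOSTS:
            hits.append((client, host))
    return hits


SAMPLE_LOG = [  # constructed sample requests
    "203.0.113.5 dns.example.org /oidc/login",
    "198.51.100.7 attacker.example /oidc/login",
    "203.0.113.9 dns.example.org /index.php",
    "192.0.2.33 DNS.example.org:8443 /saml/acs",
    "198.51.100.8 203.0.113.99 /logout",
]

if __name__ == "__main__":
    print(callback_url_vulnerable({"Host": "attacker.example"}, "/oidc/callback"))
    print(callback_url_hardened({"Host": "dns.example.org"}, "/oidc/callback"))
    print(flag_untrusted_hosts(SAMPLE_LOG))
```

Applying the same allowlist at the reverse proxy (rejecting requests whose Host is not a configured server name) gives the same protection in front of an unpatched instance.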

Evidence notes

The evidence for this vulnerability comes from the NVD and CVE.org: it is rated critical with a CVSS score of 9.6, affects versions prior to 4.2.4 and 4.3.3, and is patched in versions 4.2.4 and 4.3.3.

Official resources

This article is AI-assisted and based on the supplied source corpus.