PatchSiren

poweradmin CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL poweradmin CVE published 2026-06-23

CVE-2026-54588

CVE-2026-54588 is a critical vulnerability in Poweradmin, a web-based DNS administration tool. Versions prior to 4.2.4 and 4.3.3 trust the HTTP_HOST request header, which an unauthenticated attacker can control. This allows the attacker to poison the redirect_uri sent to the Identity Provider, causing the IdP to redirect the victim's authorization code to an attacker-controlled se [truncated]