LeakyCreds

CVE-2026-30932 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 26, 2026

Froxlor - Command Injection

Published: March 24, 2026 | Updated: March 26, 2026 | PoC Available | Remote Exploitable

Overview

Froxlor versions earlier than 2.3.5 contain a command injection vulnerability caused by a lack of validation on the content field in the DomainZones.add API for certain DNS record types, which lets attackers inject zone file directives. Exploitation requires DNS to be enabled and API access.

Severity & Score

Severity: High
CVSS Score: 8.8

Impact

Attackers can inject malicious directives into DNS zone files, potentially leading to arbitrary file inclusion or DNS service manipulation.

Mitigation

Upgrade to version 2.3.5 or later.

Details

CVE ID: CVE-2026-30932
Severity: High
CVSS Score: 8.8
Type: command_injection
Status: confirmed

CWE

  • CWE-74

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H