PT-2026-29241 · Powerdns · Dnsdist
Aisle Research · Published 2026-01-01 · Updated 2026-04-24 · CVE-2026-0396
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
DNSdist (affected versions not specified)
Description
An attacker may be able to inject HTML content into the internal web dashboard by sending specially crafted DNS queries to a DNSdist instance. This is possible when domain-based dynamic rules are enabled using either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI. The attack involves manipulating DNS queries to achieve HTML injection.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
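The description turns on one property of DNS: a label in a query name is a length-prefixed byte string, so it can contain markup characters. The following added example (not DNSdist's code and not from the advisory) decodes a wire-format name and HTML-encodes it before it reaches a table row; `decodeQName`, `escapeHtml`, `renderSuffixRow` and the sample bytes are hypothetical names and constructed data.

```javascript
// Decode an uncompressed DNS wire-format name into presentation format.
// Labels are length-prefixed byte strings; any byte value 0-255 is legal,
// so nothing restricts a query name to letters, digits and hyphens.
function decodeQName(buf) {
  const labels = [];
  let off = 0;
  while (true) {
    if (off >= buf.length) throw new RangeError("truncated name");
    const len = buf[off++];
    if (len === 0) break; // root label ends the name
    if (len > 63) throw new RangeError("compression pointer or bad label length");
    if (off + len > buf.length) throw new RangeError("truncated label");
    let label = "";
    for (const b of buf.subarray(off, off + len)) {
      if (b === 0x2e || b === 0x5c) label += "\\" + String.fromCharCode(b);
      else if (b > 0x20 && b < 0x7f) label += String.fromCharCode(b);
      else label += "\\" + String(b).padStart(3, "0"); // RFC 1035 \DDD escape
    }
    labels.push(label);
    off += len;
  }
  return labels.join(".") + ".";
}

// Encode for an HTML text or attribute context before the name reaches markup.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical renderer for one row of a dynamic-block table (assumed layout).
function renderSuffixRow(wireName, reason) {
  const name = decodeQName(wireName);
  return `<tr><td>${escapeHtml(name)}</td><td>${escapeHtml(reason)}</td></tr>`;
}

// Constructed sample: an 8-byte label containing tags, under "example.com".
const sample = Buffer.concat([
  Buffer.from([8]), Buffer.from("<b>x</b>"),
  Buffer.from([7]), Buffer.from("example"),
  Buffer.from([3]), Buffer.from("com"), Buffer.from([0]),
]);
console.log(decodeQName(sample));
console.log(renderSuffixRow(sample, "Exceeded query rate"));
```

The presentation-format escaping in `decodeQName` covers only dots, backslashes and non-printable bytes, which is why the separate HTML encoding step at the output is still required.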
XSS
Affected Products
Dnsdist