{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-24T11:25:43.337","vulnerabilities":[{"cve":{"id":"CVE-2026-30932","sourceIdentifier":"security-advisories@github.com","published":"2026-03-24T19:16:51.863","lastModified":"2026-03-26T12:17:21.523","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file directives (e.g. $INCLUDE) into the zone file that gets written to disk when the DNS rebuild cron job runs. This issue has been patched in version 2.3.5."},{"lang":"es","value":"Froxlor es un software de administración de servidor de código abierto. Antes de la versión 2.3.5, el endpoint de la API DomainZones.add (accesible para clientes con DNS habilitado) no valida el campo de contenido para varios tipos de registros DNS (LOC, RP, SSHFP, TLSA). Un atacante puede inyectar saltos de línea y directivas de archivo de zona BIND (p. ej., $INCLUDE) en el archivo de zona que se escribe en el disco cuando se ejecuta la tarea cron de reconstrucción de DNS. Este problema ha sido parcheado en la versión 2.3.5."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*","versionEndExcluding":"2.3.5","matchCriteriaId":"A368860C-0E5C-47F2-B5B0-DC0877A65BC5"}]}]}],"references":[{"url":"https://github.com/froxlor/froxlor/commit/b34829262dc32818b37f6a1eabb426d0b277a86b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/froxlor/froxlor/releases/tag/2.3.5","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/froxlor/froxlor/security/advisories/GHSA-x6w6-2xwp-3jh6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}