2492046 – (CVE-2026-54588) CVE-2026-54588 Poweradmin: Poweradmin: Account takeover via malicious redirect URI in authentication flows

Bug 2492046 (CVE-2026-54588) - CVE-2026-54588 Poweradmin: Poweradmin: Account takeover via malicious redirect URI in authentication flows

Summary: CVE-2026-54588 Poweradmin: Poweradmin: Account takeover via malicious redirec...

Keywords:
Status:	NEW
Alias:	CVE-2026-54588
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2492074
Blocks:
TreeView+	depends on / blocked

Reported:	2026-06-23 23:01 UTC by OSIDB Bzimport
Modified:	2026-06-24 05:42 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-06-23 23:01:19 UTC

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An unauthenticated attacker can poison the `redirect_uri` sent to the Identity Provider, causing the IdP to redirect the victim's authorization code to an attacker-controlled server - resulting in full account takeover with no credentials required. Versions 4.2.4 and 4.3.3 patch the issue.

Note You need to log in before you can comment on or make changes to this bug.