Cyber Resilience

CVE-2026-41234

Severity: High

Published: 04 June 2026

Modified: 05 June 2026
CVSS Score v3.1: 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L)
EPSS Score: 0.0046 (36.1th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-41234 is a high-severity Injection (CWE-74) vulnerability. Its CVSS base score is 7.6 (High).

Operationally, it is ranked at the 36.1th percentile for exploit likelihood by EPSS (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record line in the generated BIND zone file. This enables injection of arbitrary BIND directives (`$INCLUDE`, `$GENERATE`) and arbitrary DNS records (A, MX, CNAME) into the zone file written to disk by the DNS rebuild cron. This is an incomplete fix for CVE-2026-30932 (GHSA-x6w6-2xwp-3jh6), which patched the same newline injection for LOC, RP, SSHFP, and TLSA record types but did not patch TXT records. Version 2.3.7 contains an updated patch.
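As an added defensive example (not Froxlor's own code, and not the 2.3.7 patch), this is the check a zone-file generator should apply to TXT content before writing it: refuse control characters outright, then emit the value as RFC 1035 quoted strings with quotes and backslashes escaped, so the output is always exactly one record line. Function names and the sample values are constructed.

```python
"""Added example (not Froxlor's own code): validate and quote TXT record content
before it is written to a BIND zone file, so a submitted value can never break
out of its record line the way CVE-2026-41234 describes."""
import re

# CR, LF and other control characters can end the record line or change how
# BIND's master-file parser reads what follows, so they are refused outright.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
_MAX_STRING_BYTES = 255  # RFC 1035 <character-string> length limit


def has_control_chars(content: str) -> bool:
    return _CONTROL_CHARS.search(content) is not None


def validate_txt_content(content: str) -> str:
    """Return content unchanged if it is safe to embed, else raise ValueError."""
    if has_control_chars(content):
        raise ValueError("TXT record content contains a control character")
    return content


def quote_txt(content: str) -> str:
    """Render content as one or more RFC 1035 quoted <character-string>s.

    Each string holds at most 255 bytes of content; backslashes and double
    quotes are escaped so the value cannot close the quoted string early.
    """
    validate_txt_content(content)
    chunks, current = [], ""
    for ch in content:
        if len((current + ch).encode("utf-8")) > _MAX_STRING_BYTES:
            chunks.append(current)
            current = ""
        current += ch
    chunks.append(current)
    escaped = (c.replace("\\", "\\\\").replace('"', '\\"') for c in chunks)
    return " ".join(f'"{c}"' for c in escaped)


def txt_zone_line(name: str, ttl: int, content: str) -> str:
    """Build the zone-file line for one TXT record; it is always a single line."""
    line = f"{name}\t{ttl}\tIN\tTXT\t{quote_txt(content)}"
    assert "\n" not in line and "\r" not in line
    return line


if __name__ == "__main__":
    print(txt_zone_line("example.com.", 3600, "v=spf1 -all"))
    # Constructed unsafe value (newline followed by a second record): rejected.
    print(has_control_chars("v=spf1 -all\nwww IN A 192.0.2.10"))
```

The same validator belongs on every record type that is interpolated into the zone file, not only TXT, which is exactly the gap the earlier partial fix for CVE-2026-30932 left open.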

CVEs Like This One

CVE-2026-42334 (shared CWE-74)
CVE-2025-64428 (shared CWE-74)
CVE-2022-31631 (shared CWE-74)
CVE-2026-33202 (shared CWE-74)
CVE-2024-21797 (shared CWE-74)
CVE-2025-67486 (shared CWE-74)
CVE-2026-2469 (shared CWE-74)
CVE-2025-25477 (shared CWE-74)
CVE-2026-6279 (shared CWE-74)
CVE-2026-41237 (shared CWE-74)

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-74: Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and verifiable flaw remediation corrects them before deployment.

Addresses CWE-74: Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.