CVE-2026-41237

Summary

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines (allowing embedded newlines to pass), TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping. Version 2.3.7 contains an updated patch.

Affected Software

VendorProductVersion RangeStatus
froxlorfroxlor< 2.3.7affected

Weaknesses

  • CWE-74: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References