Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-46tt-1n8z-xuct
Vulnerability ID VCID-46tt-1n8z-xuct
Aliases CVE-2026-41237
GHSA-j6fm-9rfm-j5hx
Summary Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to pass), TLSA `matchingType=0` has no upper bound on hex data length, and all validators return raw input without zone-file escaping. Version 2.3.7 contains an updated patch.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
System Score Found at
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2026-41237
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2026-41237
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-j6fm-9rfm-j5hx
cvssv4 8.6 https://github.com/froxlor/froxlor
generic_textual HIGH https://github.com/froxlor/froxlor
cvssv4 8.6 https://github.com/froxlor/froxlor/commit/b34829262dc3
generic_textual HIGH https://github.com/froxlor/froxlor/commit/b34829262dc3
ssvc Track* https://github.com/froxlor/froxlor/commit/b34829262dc3
cvssv4 8.6 https://github.com/froxlor/froxlor/releases/tag/2.3.7
generic_textual HIGH https://github.com/froxlor/froxlor/releases/tag/2.3.7
ssvc Track* https://github.com/froxlor/froxlor/releases/tag/2.3.7
cvssv3.1_qr HIGH https://github.com/froxlor/froxlor/security/advisories/GHSA-j6fm-9rfm-j5hx
cvssv4 8.6 https://github.com/froxlor/froxlor/security/advisories/GHSA-j6fm-9rfm-j5hx
generic_textual HIGH https://github.com/froxlor/froxlor/security/advisories/GHSA-j6fm-9rfm-j5hx
ssvc Track* https://github.com/froxlor/froxlor/security/advisories/GHSA-j6fm-9rfm-j5hx
cvssv4 8.6 https://nvd.nist.gov/vuln/detail/CVE-2026-30932
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2026-30932
cvssv4 8.6 https://nvd.nist.gov/vuln/detail/CVE-2026-41237
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2026-41237
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-41237
https://github.com/froxlor/froxlor
2.3.7 https://github.com/froxlor/froxlor/releases/tag/2.3.7
b34829262dc3 https://github.com/froxlor/froxlor/commit/b34829262dc3
CVE-2026-30932 https://nvd.nist.gov/vuln/detail/CVE-2026-30932
CVE-2026-41237 https://nvd.nist.gov/vuln/detail/CVE-2026-41237
GHSA-j6fm-9rfm-j5hx https://github.com/advisories/GHSA-j6fm-9rfm-j5hx
GHSA-j6fm-9rfm-j5hx https://github.com/froxlor/froxlor/security/advisories/GHSA-j6fm-9rfm-j5hx
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://github.com/froxlor/froxlor
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://github.com/froxlor/froxlor/commit/b34829262dc3
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-06-05T20:07:46Z/ Found at https://github.com/froxlor/froxlor/commit/b34829262dc3
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://github.com/froxlor/froxlor/releases/tag/2.3.7
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-06-05T20:07:46Z/ Found at https://github.com/froxlor/froxlor/releases/tag/2.3.7
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://github.com/froxlor/froxlor/security/advisories/GHSA-j6fm-9rfm-j5hx
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-06-05T20:07:46Z/ Found at https://github.com/froxlor/froxlor/security/advisories/GHSA-j6fm-9rfm-j5hx
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-30932
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-41237
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.15789
EPSS Score 0.00049
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T16:51:13.547311+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2026/41xxx/CVE-2026-41237.json 38.6.0