CVE-2026-54588
Poweradmin Authentication Bypass Via HTTP Host Header Vulnerability.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Poweradmin, a DNS administration tool, contains a vulnerability where it improperly handles the HTTP Host header during authentication flows. This allows an unauthenticated attacker to manipulate redirects, potentially leading to full account takeover without credentials. Confirm if Poweradmin is in use to assess risk.