Dnn Platform

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-40306 NuGet MEDIUM PATCH This Month

DNN (DotNetNuke) 10.0.0 through 10.2.1 installations use an identical Host GUID across all new deployments, enabling attackers to impersonate the host administrator account and gain unauthorized access to sensitive CMS functionality. This affects only fresh installations-upgrades from 9.x retain unique identifiers. The vulnerability requires network access to exploit but no authentication or user interaction, and is patched in version 10.2.2.

Information Disclosure Microsoft Dnn Platform

NVD GitHub

CVSS 4.0

6.9

EPSS

0.0%

CVE-2026-40306 NuGet

EPSS 0% CVSS 6.9

MEDIUM PATCH This Month

DNN (DotNetNuke) 10.0.0 through 10.2.1 installations use an identical Host GUID across all new deployments, enabling attackers to impersonate the host administrator account and gain unauthorized access to sensitive CMS functionality. This affects only fresh installations-upgrades from 9.x retain unique identifiers. The vulnerability requires network access to exploit but no authentication or user interaction, and is patched in version 10.2.2.

Information Disclosure Microsoft Dnn Platform

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy