CWE-350— Reliance on Reverse DNS Resolution for a Security-Critical Action
The product performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.— MITRE CWE catalog
21 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-350page 1 of 1
- CVE-2018-7160HIGHCVSS 8.8EG 8.82018-05-17
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another…
- CVE-2020-11091MEDIUMCVSS 5.8EG 5.82020-06-03
In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IP…
- CVE-2021-22884HIGHCVSS 7.5EG 7.52021-03-03
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via…
- CVE-2021-34561HIGHCVSS 7.5EG 8.82021-08-31
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictio…
- CVE-2022-22364MEDIUMCVSS 5.3EG 5.32024-05-03
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to pe…
- CVE-2023-32020MEDIUMCVSS 5.6EG 3.72023-06-14
Windows DNS Spoofing Vulnerability
- CVE-2023-52235HIGHCVSS 8.8EG 8.82024-04-05
SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reboot) via a DNS Rebinding attack.
- CVE-2024-42364MEDIUMCVSS 6.5EG 6.52024-08-23
Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and authentication by default, leaving it to vul…
- CVE-2024-53275MEDIUMCVSS 5.3EG 5.32024-12-23
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentica…
- CVE-2025-24010MEDIUMCVSS 6.5EG 6.52025-01-20
Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket conn…
- CVE-2025-59163LOWCVSS 2.1EG 2.12025-09-29
vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to …
- CVE-2025-59956MEDIUMCVSS 6.5EG 6.52025-09-30
AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /mes…
- CVE-2025-61430MEDIUMCVSS 6.5EG 6.52025-10-24
Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return request payloads from other clients. This happens when the TCP length prefix is malformed…
- CVE-2025-8036HIGHCVSS 8.1EG 8.12025-07-22
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.
- CVE-2026-12635LOWCVSS 3.1EG 3.12026-06-25
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissio…
- CVE-2026-1490CRITICALCVSS 9.8EG 9.82026-02-15
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the 'checkWithoutToken' function…
- CVE-2026-24281HIGHCVSS 7.4EG 7.42026-03-07
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate…
- CVE-2026-36604MEDIUMCVSS 6.5EG 6.52026-06-03
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildca…
- CVE-2026-42559HIGHCVSS 8.8EG 8.82026-05-14
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not validate the incoming Host header. This allo…
- CVE-2026-46611MEDIUMCVSS 5.3EG 5.32026-06-22
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attac…
- CVE-2026-6874MEDIUMCVSS 4.3EG 4.32026-04-23
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns reso…
Map vulnerabilities like CWE-350 to your infrastructure
EchelonGraph correlates every CVE — across CWE-350 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →