CVE-2026-40306
MEDIUMDescription
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue.
Is your site exposed to CVE-2026-40306?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dnnsoftware | dotnetnuke |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2026-40306? +
How severe is CVE-2026-40306? +
What products are affected by CVE-2026-40306? +
How do I check if I'm vulnerable to CVE-2026-40306? +
Related Vulnerabilities
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform …
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path …
Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II version 1.17478.146 allows attackers in Wi-Fi range to …
An authentication bypass vulnerability has been identified in the IFTTT integration feature. A remote, authenticated attacker could leverage this vulnerability …
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files …
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass