Web Content Management Platform Vulnerability in DNN by DNN Software
CVE-2026-40306

6.9MEDIUM

Key Information:

Vendor: Dnnsoftware
Status: Dnn.platform
Vendor: CVE Published:; 17 April 2026

🔔 Create Dnnsoftware Vulnerability Alert

What is CVE-2026-40306?

The vulnerability in DNN, an open-source web content management platform, arises from all new installations of version 10.0.x to 10.2.1 sharing the same Host GUID. This flaw does not impact upgrades from earlier versions like 9.x.x. This shared Host GUID can expose installations to potential risks, making it imperative for users to upgrade to version 10.2.2, which addresses and mitigates this issue. For detailed guidance, visit the official advisory and the release notes.

Affected Version(s)

Dnn.Platform >= 10.0.0, < 10.2.2

References

https://github.com/dnnsoftware/Dnn.Platform/security/advi...

x_refsource_CONFIRM

https://github.com/dnnsoftware/Dnn.Platform/releases/tag/...

x_refsource_MISC

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 10, 2026

CVE-2026-40306 Data

JSON