CVE-2026-40306 MEDIUM

CVE-2026-40306: DNN has same HostGUID for all new installs

Vendor Dnnsoftware
Product Dnn.Platform
Weakness CWE-330 · Insufficient randomness
Published April 17, 2026
Last update April 20, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue.

Key dates

02Disclosure timeline

April 17, 2026 CVE published
April 20, 2026 Record updated