Shared CDN domain fronting variant actively exploited: Underminr security flaw
Vulnerability
Summary
Threat actors are actively abusing Underminr, a shared CDN infrastructure flaw, to make malicious connections look like trusted traffic and evade DNS/PDNS controls. The weakness is a domain fronting variant that can force requests to another tenant on the same shared edge while preserving allowed-looking SNI and Host signals. That enables hidden access to C&C, VPN, and proxy destinations. ADAMnetworks says the exposure could reach about 88 million domains, with the US, UK, and Canada most impacted.
Timeline
23.05.2026 14:00
Underminr shared CDN abuse and PDNS evasion disclosed
Technical Analysis Update: ADAMnetworks describes Underminr, a domain-fronting variant in shared CDN infrastructure, as an abuse path that lets traffic to malicious domains appear to use trusted domains while actually reaching another tenant on the same shared edge. The technique can hide connections to C&C servers, VPN and proxy destinations, and can bypass Protective DNS (PDNS) and network egress controls. The company says the weakness has been used against large-scale hosting providers and may affect about 88 million domains, with the US, the UK, and Canada most impacted.
Sources
- ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains — www.securityweek.com — 23.05.2026 14:00