HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2026-26018

CVSS 7.5v3.1pub. 2026-03-06upd. 2026-06-30

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Coredns.io Coredns

    APP
    Coredns.Io
    < 1.14.2
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2026-33489HIGH8.2ten sam produkt

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the w...

CVE-2026-32936HIGH8.7ten sam produkt

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path ac...

CVE-2026-33190HIGH8.7ten sam produkt

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on n...

CVE-2026-32934HIGH8.7ten sam produkt

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC (DoQ) server can b...

CVE-2026-35579HIGH8.2ten sam produkt

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport im...

CVE-2026-26018 β€” Coredns.Io β€” Coredns β€” HIGH β€” CVSS 7.5 | CVEbaza.pl