wid-sec-w-2026-0627 · Published 2026-03-05 · View on BSI CERT-Bund
CoreDNS: Multiple Vulnerabilities
CVSS 7.7 (HIGH)
Risk Summary
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.
CVEs (2)
Affected Vendors
Microsoft
Open Source
SUSE
Affected Products (3)
Microsoft · Azure Linux · azl3
Open Source · CoreDNS · <1.14.2
Open Source · CoreDNS · 1.14.2