top of page
perceptive_background_267k.jpg

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the de…

Published:

5 maart 2026 om 23:00:00

Alert date:

6 maart 2026 om 17:02:47

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure

CoreDNS DNS server contains a logical vulnerability prior to version 1.14.2 that allows DNS access controls to be bypassed. The vulnerability stems from the default execution order of plugins where security plugins like ACL are evaluated before the rewrite plugin. This creates a Time-of-Check Time-of-Use (TOCTOU) flaw that can be exploited to circumvent access controls. The issue has been addressed in CoreDNS version 1.14.2.

Technical details

Mitigation steps:

Affected products:

CoreDNS

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-26017
https://github.com/coredns/coredns/releases/tag/v1.14.2
https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page