CVE-2026-26017 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the de…
High CVSS: 7.7

CVE-2026-26017

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.
Vendor
Coredns.io
Product
Coredns
CWE
CWE-367
Yayın Tarihi
2026-03-06 16:16:10
Güncelleme
2026-03-09 20:31:14
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-367 Coredns HIGH Coredns.io 2026

Referanslar

https://github.com/coredns/coredns/releases/tag/v1.14.2 https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr