FKIE_CVE-2026-26018

Vulnerability from fkie_nvd - Published: 2026-03-06 16:16 - Updated: 2026-03-09 20:32
Summary
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.
Impacted products
Vendor      Product   Version
coredns.io  coredns   *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B72A7A10-A05D-47A2-93A8-076E4C944D23",
              "versionEndExcluding": "1.14.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS\u0027s loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2."
    },
    {
      "lang": "es",
      "value": "CoreDNS es un servidor DNS que encadena plugins. Antes de la versi\u00f3n 1.14.2, existe una vulnerabilidad de denegaci\u00f3n de servicio en el plugin de detecci\u00f3n de bucles de CoreDNS que permite a un atacante colapsar el servidor DNS al enviar consultas DNS especialmente dise\u00f1adas. La vulnerabilidad se deriva del uso de un generador de n\u00fameros pseudoaleatorios (PRNG) predecible para generar un nombre de consulta secreto, combinado con un gestor de errores fatal que finaliza el proceso completo. Este problema ha sido parcheado en la versi\u00f3n 1.14.2."
    }
  ],
  "id": "CVE-2026-26018",
  "lastModified": "2026-03-09T20:32:49.083",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-06T16:16:10.557",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Release Notes"
      ],
      "url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory",
        "Exploit"
      ],
      "url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-337"
        },
        {
          "lang": "en",
          "value": "CWE-400"
        },
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}
