Coredns.Io

Coredns

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-35579

Exploit
  • EPSS 0.45%
  • Veröffentlicht 05.05.2026 21:16:22
  • Zuletzt bearbeitet 08.05.2026 15:58:53

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configura...

7.5

CVE-2026-32936

Exploit
  • EPSS 0.67%
  • Veröffentlicht 05.05.2026 20:16:36
  • Zuletzt bearbeitet 08.05.2026 16:02:28

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the ...

7.5

CVE-2026-33190

Exploit
  • EPSS 0.37%
  • Veröffentlicht 05.05.2026 20:16:36
  • Zuletzt bearbeitet 08.05.2026 16:01:27

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports (DoT, DoH, DoH3, DoQ, and gRPC) because it trusts the transport writer's TsigStatus() instead of performing verifica...

7.5

CVE-2026-33489

Exploit
  • EPSS 0.39%
  • Veröffentlicht 05.05.2026 20:16:36
  • Zuletzt bearbeitet 08.05.2026 16:00:05

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch() function in plugin/transfer/transfer....

7.5

CVE-2026-32934

Exploit
  • EPSS 0.47%
  • Veröffentlicht 05.05.2026 20:16:35
  • Zuletzt bearbeitet 08.05.2026 16:03:02

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC (DoQ) server can be driven into unbounded goroutine and memory growth by a remote client that opens many QUIC streams and sends only 1 byte per stream. When t...

6.3

CVE-2026-26017

  • EPSS 0.31%
  • Veröffentlicht 06.03.2026 15:36:15
  • Zuletzt bearbeitet 09.03.2026 20:31:14

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the re...

7.5

CVE-2026-26018

Exploit
  • EPSS 0.79%
  • Veröffentlicht 06.03.2026 15:35:50
  • Zuletzt bearbeitet 09.03.2026 20:32:49

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerabil...

7.5

CVE-2025-68151

  • EPSS 0.41%
  • Veröffentlicht 08.01.2026 15:33:12
  • Zuletzt bearbeitet 22.01.2026 13:47:50

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or cra...

7.5

CVE-2025-47950

  • EPSS 1.13%
  • Veröffentlicht 06.06.2025 17:32:30
  • Zuletzt bearbeitet 15.08.2025 16:24:26

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC s...

7.5

CVE-2023-30464

  • EPSS 0.39%
  • Veröffentlicht 18.09.2024 21:15:13
  • Zuletzt bearbeitet 10.07.2025 15:56:58

CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.