Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2026-26017

Опубликовано: 06 мар. 2026
Источник: nvd
CVSS3: 7.7
CVSS3: 6.3
EPSS Низкий

Описание

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:*
Версия до 1.14.2 (исключая)

EPSS

Процентиль: 16%
0.00051
Низкий

7.7 High

CVSS3

6.3 Medium

CVSS3

Дефекты

CWE-367

Связанные уязвимости

redhat логотип

CVE-2026-26017

CVSS3: 7.7
redhat
21 день назад

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.

msrc логотип

CVE-2026-26017

CVSS3: 7.7
msrc
18 дней назад

CoreDNS ACL Bypass

debian логотип

CVE-2026-26017

CVSS3: 7.7
debian
20 дней назад

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, ...

github логотип

GHSA-c9v3-4pv7-87pr

CVSS3: 7.7
github
20 дней назад

CoreDNS ACL Bypass

EPSS

Процентиль: 16%
0.00051
Низкий

7.7 High

CVSS3

6.3 Medium

CVSS3

Дефекты

CWE-367