cvedb.io
CVE-2026-26017
HIGH · CVSS 7.7
EPSS exploitation probability: 0%
Published 2026-03-06T16:16:10.397 · Last modified 2026-06-30T03:17:47.560

Summary

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.

Affected products

coredns.io — coredns

Does this affect you?

Add your gear to cvedb and we'll alert you only when coredns.io ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.