Coredns
Products (3)
- 15 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs (18)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35579 | | Cri | 0.57 | 9.8 | 0.01 | | May 5, 2026 | CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls… |
| CVE-2026-33489 | | Hig | 0.42 | 7.5 | 0.00 | | May 5, 2026 | CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch() function in plugin/transfer/transfer.go uses a lexicographic… |
| CVE-2026-33190 | | Hig | 0.42 | 7.5 | 0.00 | | May 5, 2026 | CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports (DoT, DoH, DoH3, DoQ, and gRPC) because it trusts the transport writer's TsigStatus() instead of performing verification itself. The DoH and DoH3… |
| CVE-2026-32936 | | Hig | 0.42 | 7.5 | 0.01 | | May 5, 2026 | CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST… |
| CVE-2026-32934 | | Hig | 0.42 | 7.5 | 0.00 | | May 5, 2026 | CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC (DoQ) server can be driven into unbounded goroutine and memory growth by a remote client that opens many QUIC streams and sends only 1 byte per stream. When the worker pool is full,… |
| CVE-2025-58063 | | Hig | 0.39 | 7.1 | 0.00 | | Sep 9, 2025 | CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a… |
| CVE-2025-29914 | | Med | 0.28 | 5.4 | 0.00 | | Mar 20, 2025 | OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUEST_FILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: ,… |
| CVE-2024-0874 | | Med | 0.28 | 5.3 | 0.01 | | Apr 25, 2024 | A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. |
| CVE-2003-0380 | | | 0.03 | — | 0.06 | | Jul 2, 2003 | Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename. |
| CVE-2026-26017 | | | 0.00 | — | 0.00 | | Mar 6, 2026 | CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a… |
| CVE-2026-26018 | | | 0.00 | — | 0.01 | | Mar 6, 2026 | CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a… |
| CVE-2025-68151 | | | 0.00 | — | 0.00 | | Jan 8, 2026 | CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many… |
| CVE-2025-47950 | | | 0.00 | — | 0.01 | | Jun 6, 2025 | CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any… |
| CVE-2023-30464 | | | 0.00 | — | 0.00 | | Sep 18, 2024 | CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack. |
| CVE-2023-28452 | | | 0.00 | — | 0.01 | | Sep 18, 2024 | An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the… |
| CVE-2023-40586 | | | 0.00 | — | 0.01 | | Aug 25, 2023 | OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious… |
| CVE-2022-2837 | | | 0.00 | — | 0.00 | | Mar 3, 2023 | A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. |
| CVE-2022-2835 | | | 0.00 | — | 0.00 | | Mar 3, 2023 | A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc. |