CVE-2026-26017 - Vulnerability Details - OpenCVE

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://github.com/coredns/coredns/releases/tag/v1.14.2
https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr

History

Fri, 06 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Mar 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.
Title		CoreDNS ACL Bypass
Weaknesses		CWE-367
References		https://github.com/coredns/coredns/releases/tag/v1.14.2 https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-03-06T15:36:15.655Z

Updated: 2026-03-06T16:06:41.093Z

Reserved: 2026-02-09T21:36:29.554Z

Link: CVE-2026-26017

Vulnrichment

Updated: 2026-03-06T16:06:35.183Z

NVD

Status : Received

Published: 2026-03-06T16:16:10.397

Modified: 2026-03-06T16:16:10.397

Link: CVE-2026-26017

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26017", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-09T21:36:29.554Z", "datePublished": "2026-03-06T15:36:15.655Z", "dateUpdated": "2026-03-06T16:06:41.093Z"}, "containers": {"cna": {"title": "CoreDNS ACL Bypass", "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "lang": "en", "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"}, {"name": "https://github.com/coredns/coredns/releases/tag/v1.14.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"}], "affected": [{"vendor": "coredns", "product": "coredns", "versions": [{"version": "< 1.14.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T15:36:15.655Z"}, "descriptions": [{"lang": "en", "value": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2."}], "source": {"advisory": "GHSA-c9v3-4pv7-87pr", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-06T16:06:32.284525Z", "id": "CVE-2026-26017", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T16:06:41.093Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-06T16:06:32.284525Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T16:06:35.183Z"}}], "cna": {"title": "CoreDNS ACL Bypass", "source": {"advisory": "GHSA-c9v3-4pv7-87pr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "coredns", "product": "coredns", "versions": [{"status": "affected", "version": "< 1.14.2"}]}], "references": [{"url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr", "name": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2", "name": "https://github.com/coredns/coredns/releases/tag/v1.14.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-367", "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T15:36:15.655Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26017", "state": "PUBLISHED", "dateUpdated": "2026-03-06T16:06:41.093Z", "dateReserved": "2026-02-09T21:36:29.554Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-06T15:36:15.655Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}