PT-2026-23722 · Coredns · Coredns
Younevsky · Published 2026-03-06 · Updated 2026-05-09
CVE-2026-26018
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
CoreDNS versions prior to 1.14.2
Description
CoreDNS is a DNS server that utilizes chained plugins. A denial of service condition exists in the loop detection plugin due to a predictable pseudo-random number generator (PRNG) used for generating a secret query name. This, combined with a fatal error handler, can cause the DNS server to crash when receiving specially crafted DNS queries.
Recommendations
Update to version 1.14.2 or later.
Exploit
Fix
DoS
Resource Exhaustion
Allocation of Resources Without Limits
Affected Products
Coredns