435 matches found
GO-2026-5667 CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns
CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns...
OESA-2026-2720 coredns security update
CoreDNS is a fast and flexible DNS server. The key word here is flexible: with CoreDNS you are able to do what you want with your DNS data by utilizing plugins. Security Fixes: CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd...
Photon OS 4.0: Coredns PHSA-2026-4.0-1038
An update of the coredns package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1038. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Critical Photon OS Security Update - PHSA-2026-4.0-1038
Updates of 'coredns', 'python3-pip', 'rsync', 'redis', 'erlang' packages of Photon OS have been released...
Photon OS 5.0: Coredns PHSA-2026-5.0-0869
An update of the coredns package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0869. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CVE-2026-39821 affecting package coredns for versions less than 1.11.4-17
CVE-2026-39821 affecting package coredns for versions less than 1.11.4-17. A patched version of the package is available...
CVE-2026-32934
A flaw was found in CoreDNS, a DNS server that chains plugins. The DNS-over-QUIC DoQ server is vulnerable to unbounded resource growth. An unauthenticated remote attacker can exploit this by opening numerous QUIC streams and sending only one byte per stream, causing the server to spawn excessive...
CVE-2026-32936
A flaw was found in CoreDNS, a DNS server that chains plugins. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending oversized DNS-over-HTTPS DoH GET requests. The GET path, unlike the POST path, lacks size validation before processing large dns= query parameter...
CVE-2026-33489
A flaw was found in CoreDNS. An unauthorized remote client can exploit a vulnerability in the transfer plugin's Access Control List ACL stanza selection. This occurs when both a parent zone and a more-specific subzone are configured, and the longestMatch function incorrectly uses a lexicographic...
GO-2026-4969 CoreDNS' DoQ worker pool does not bound stream backlog in github.com/coredns/coredns
CoreDNS' DoQ worker pool does not bound stream backlog in github.com/coredns/coredns...
PT-2026-42372
CoreDNS' DoQ worker pool does not bound stream backlog in github.com/coredns/coredns...
CVE-2026-35579 affecting package coredns for versions less than 1.11.4-16
CVE-2026-35579 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...
CVE-2026-33489 affecting package coredns for versions less than 1.11.4-16
CVE-2026-33489 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...
CVE-2026-32936 affecting package coredns for versions less than 1.11.4-16
CVE-2026-32936 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...
CVE-2026-32934 affecting package coredns for versions less than 1.11.4-16
CVE-2026-32934 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...
CVE-2026-35579
A flaw was found in CoreDNS. An unauthenticated network attacker can exploit incorrect handling of TSIG Transaction Signature authentication in the gRPC, QUIC, DoH DNS over HTTPS, and DoH3 transport implementations. This vulnerability allows an attacker to bypass TSIG protection, leading to...
openSUSE 16 Security Update : coredns (openSUSE-SU-2026:20703-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20703-1 advisory. Changes in coredns: - Update to version 1.14.3: This release introduces Windows service support, along with full TSIG verification across DoH,...
CoreDNS DoH GET path missing size validation causes CPU and memory amplification
...
CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison
...
CoreDNS TSIG authentication bypass on encrypted DNS transports
...