Logical Vulnerability in CoreDNS Server Affecting Plugin Execution Order
CVE-2026-26017
7.7 HIGH
What is CVE-2026-26017?
A logical vulnerability in CoreDNS prior to version 1.14.2 enables attackers to bypass DNS access controls. It arises from the default execution order of plugins, in which security plugins such as 'acl' are checked before 'rewrite'. The result is a Time-of-Check Time-of-Use (TOCTOU) flaw that can be exploited to manipulate DNS responses. Users are advised to upgrade to version 1.14.2 or later to mitigate this issue.
Affected Version(s)
coredns < 1.14.2
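
A configuration check for the plugin combination described in the summary above, as an added example that is not CoreDNS project code: it lists the Corefile server blocks that enable both 'acl' and 'rewrite', which are the ones to review on versions before 1.14.2. The sample Corefile is constructed, the function names are hypothetical, and snippets pulled in with `import` are not expanded.

```python
import re

# Constructed sample Corefile (not from the advisory or any real deployment).
SAMPLE_COREFILE = """\
.:53 {
    errors
    acl {
        block net 203.0.113.0/24   # rule inside the acl block, not a plugin
    }
    rewrite name old.example. new.example.
    forward . 192.0.2.53
}
corp.example:53 {
    acl {
        allow net 10.0.0.0/8
        block
    }
    cache 30
}
lab.example:53 {
    rewrite name a.lab.example. b.lab.example.
    whoami
}
"""

def plugins_by_server_block(corefile):
    """Map each server block label to its top-level plugin names, in file order."""
    blocks, label, depth = {}, None, 0
    for raw in corefile.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).strip()  # drop comments
        if not line:
            continue
        if line == "}":
            depth = max(depth - 1, 0)
            continue
        opens = line.endswith("{")
        tokens = line.rstrip("{").split()
        if depth == 0 and opens:
            label = " ".join(tokens)         # e.g. ".:53"
            blocks[label] = []
        elif depth == 1 and tokens:
            blocks[label].append(tokens[0])  # first token is the plugin name
        depth += opens                       # nested plugin blocks raise depth
    return blocks

def blocks_to_review(corefile):
    """Server blocks that enable both acl and rewrite (hypothetical helper)."""
    return [label for label, plugins in plugins_by_server_block(corefile).items()
            if {"acl", "rewrite"} <= set(plugins)]

if __name__ == "__main__":
    for label in blocks_to_review(SAMPLE_COREFILE):
        print(f"review: {label} uses acl and rewrite together")
```

A flagged block is a review candidate, not proof of exposure: the version in use still has to be compared against the affected range above.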
