Linuxsecurity
Critical Access Control and DoS Vulnerabilities in CoreDNS Addressed
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Recent updates for CoreDNS have addressed significant vulnerabilities affecting DNS services. The updates include fixes for CVE-2026-26017, which resolves an access control bypass due to a flaw in the execution order of plugins, and CVE-2026-26018, which mitigates a denial of service vulnerability linked to predictable pseudo-random number generation. Additionally, CVE-2025-68156 has been patched to prevent uncontrolled recursion in expression evaluation, which can also lead to denial of service. These vulnerabilities impact users of openSUSE and Fedora systems utilizing CoreDNS versions prior to the updates. The patches are available through standard installation methods like YaST and zypper. Users are advised to apply the updates promptly to secure their systems against potential exploitation. The vulnerabilities were disclosed on March 6, 2026, and the updates were released on March 11, 2026.
Key Points: • CoreDNS updates address critical vulnerabilities CVE-2026-26017 and CVE-2026-26018. • CVE-2025-68156 fixed uncontrolled recursion leading to denial of service. • Patches are available for openSUSE and Fedora users; immediate application is recommended.