Critical Access Control and DoS Vulnerabilities in CoreDNS Addressed

Critical Access Control and DoS Vulnerabilities in CoreDNS Addressed

First seen 12 Mar 2026, 04:44 UTC Linuxsecurity 81% similarity 57.9

Article Content

Browse articles
ThreatCluster

Recent updates for CoreDNS have addressed significant vulnerabilities affecting DNS services. The updates include fixes for CVE-2026-26017, which resolves an access control bypass due to a flaw in the execution order of plugins, and CVE-2026-26018, which mitigates a denial of service vulnerability linked to predictable pseudo-random number generation. Additionally, CVE-2025-68156 has been patched to prevent uncontrolled recursion in expression evaluation, which can also lead to denial of service. These vulnerabilities impact users of openSUSE and Fedora systems utilizing CoreDNS versions prior to the updates. The patches are available through standard installation methods like YaST and zypper. Users are advised to apply the updates promptly to secure their systems against potential exploitation. The vulnerabilities were disclosed on March 6, 2026, and the updates were released on March 11, 2026.

Key Points: • CoreDNS updates address critical vulnerabilities CVE-2026-26017 and CVE-2026-26018. • CVE-2025-68156 fixed uncontrolled recursion leading to denial of service. • Patches are available for openSUSE and Fedora users; immediate application is recommended.

ThreatCluster AI

Timeline

2025-12-16
CVE-2025-68156 published
2026-01-28
CVE-2025-61728 published
2026-01-28
CVE-2025-68119 published
2026-01-28
CVE-2025-61731 published
2026-01-28
CVE-2025-61726 published
2026-02-05
CVE-2025-68121 published
2026-03-06
CVE-2026-26017 and CVE-2026-26018 published
2026-03-11
CoreDNS updates released for openSUSE and Fedora

Community

Browse all →