Coredns.io Coredns
5 CVEs affecting Coredns.io Coredns. Latest disclosed: 2026-05-05. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-35579 | Critical | 9.8 | 2026-05-05 | CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authenticat… |
CVE-2026-33489 | High | 7.5 | 2026-05-05 | CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a mor… |
CVE-2026-33190 | High | 7.5 | 2026-05-05 | CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports (DoT, DoH, DoH3, DoQ, and… |
CVE-2026-32936 | High | 7.5 | 2026-05-05 | CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and p… |
CVE-2026-32934 | High | 7.5 | 2026-05-05 | CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC (DoQ) server can be driven into unbounded goroutine and memory grow… |