Description
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.
Published: 2026-03-06
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The flaw resides in CoreDNS's loop detection plugin. An attacker can craft DNS queries that exploit the predictable pseudo-random number generator used to generate secret query names, causing the plugin to raise a fatal error that terminates the entire DNS server. The outcome is a denial of service that can disrupt all clients relying on that DNS service. The weakness encompasses predictable PRNG use (CWE-337), uncontrolled resource exhaustion (CWE-400), and other related vulnerabilities (CWE-1241, CWE-770).
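To make the two weaknesses named above concrete, here is a hypothetical Go illustration added to this record (it is not CoreDNS's code): a loop-detection probe whose secret name comes from a seeded math/rand generator beside one that draws from crypto/rand, and a mismatch handler that returns an error instead of terminating the process. The probe name suffix, function names and seed are assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	mrand "math/rand"
)

// Hypothetical illustration, not CoreDNS code: a loop-detection probe sends a
// query for a secret name and treats an answer it did not expect as a loop.
// Two properties decide whether that check is safe: the name must be
// unguessable, and an unexpected answer must be handled, not fatal.

// weakProbeName mimics the CWE-337 pattern: math/rand with a predictable seed
// produces the same "secret" every time, so a remote party can precompute it.
func weakProbeName(seed int64) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, r.Uint64())
	return hex.EncodeToString(b) + ".loop-probe.invalid." // suffix is assumed
}

// strongProbeName draws the secret from crypto/rand instead.
func strongProbeName() (string, error) {
	b := make([]byte, 8)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b) + ".loop-probe.invalid.", nil
}

// ErrUnexpectedProbe replaces a fatal handler: the caller logs it and the
// process keeps serving DNS instead of exiting.
var ErrUnexpectedProbe = errors.New("loop probe: unexpected query name in response")

// checkProbe compares the name seen in a response with the one that was sent.
func checkProbe(sent, seen string) error {
	if sent != seen {
		return ErrUnexpectedProbe
	}
	return nil
}

func main() {
	fmt.Println("seeded math/rand repeats:", weakProbeName(1) == weakProbeName(1))
	name, err := strongProbeName()
	if err != nil {
		fmt.Println("rng failure:", err)
		return
	}
	fmt.Println("mismatch handled without exit:", checkProbe(name, "x"+name))
}
```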

Affected Systems

CoreDNS, the plugin-chaining DNS server used by many container and cloud deployments. Versions earlier than 1.14.2 are affected; the vulnerability was fixed in the 1.14.2 release.

Risk and Exploitability

With a CVSS score of 7.5 the vulnerability is considered high severity. The EPSS score is below 1%, indicating a low probability of current exploitation, and it has not appeared in the CISA Known Exploited Vulnerabilities catalog. The attack vector is inferred to be remote over the network, since an attacker only needs to send a specially crafted DNS query. A single successful request can crash the entire server, making rapid mitigation essential to preserve DNS availability.

Generated by OpenCVE AI on April 16, 2026 at 11:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CoreDNS to version 1.14.2 or later.
  • Configure rate-limiting on DNS queries to lessen the impact of any future exploitation attempts.
  • Set up monitoring of DNS logs to detect abnormal query patterns that may indicate probing for this fault.

Advisories

Source: GitHub GHSA
ID: GHSA-h75p-j8xm-m278
Title: CoreDNS Loop Detection Denial of Service Vulnerability
History

Mon, 09 Mar 2026 20:45:00 +0000

CPEs (added): cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:*

Mon, 09 Mar 2026 10:15:00 +0000

First Time appeared (added): Coredns.io; Coredns.io coredns
Vendors & Products (added): Coredns.io; Coredns.io coredns

Sat, 07 Mar 2026 00:15:00 +0000

Weaknesses (added): CWE-1241
References
Metrics threat_severity: removed "None", added "Important"

Fri, 06 Mar 2026 17:15:00 +0000

Metrics ssvc (added): {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Mar 2026 15:45:00 +0000

Description (added): CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.
Title (added): CoreDNS Loop Detection Denial of Service Vulnerability
Weaknesses (added): CWE-337, CWE-400, CWE-770
References
Metrics cvssV3_1 (added): {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-06T16:07:31.587Z

Reserved: 2026-02-09T21:36:29.554Z

Link: CVE-2026-26018

Vulnrichment

Updated: 2026-03-06T16:07:26.703Z

NVD

Status: Analyzed

Published: 2026-03-06T16:16:10.557

Modified: 2026-03-09T20:32:49.083

Link: CVE-2026-26018

Redhat

Severity: Important

Published Date: 2026-03-06T15:35:50Z

Links: CVE-2026-26018 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T11:30:15Z