CoreDNS, Denial of Service, CVE-2026-26018 (Critical)

The vulnerability resides in CoreDNS’s loop detection plugin, designed to prevent infinite forwarding loops by generating a unique secret query name using a pseudo-random number generator (PRNG). Prior to version 1.14.2, this PRNG is predictable due to weak seeding, allowing an attacker to accurately guess the generated names. By sending specially crafted DNS queries that mimic these secret names, the attacker can force the loop detection plugin to erroneously identify a loop. When a loop is detected, the plugin invokes a fatal error handler that terminates the entire CoreDNS process, causing a complete denial of service. The attack requires no authentication and can be executed remotely, crashing the server and disrupting all DNS resolution. This issue was fixed in version 1.14.2 by replacing the predictable PRNG with a cryptographically secure random generator and modifying the error handling to prevent process termination.
Platform: CoreDNS
Version: Prior to 1.14.2
Vulnerability: DoS via PRNG
Severity: Critical
Date: 03/06/2026

Prediction: Patched v1.14.2

What Undercode Say:

Analytics:

Check CoreDNS version:

    coredns -version

Monitor logs for crashes:

    tail -f /var/log/coredns.log

Simulate query with dig (example):

    dig @127.0.0.1 -p 53 test.example.com

Use tcpdump to capture malicious traffic:

    tcpdump -i any -n port 53

Exploit:

An attacker analyzes the predictable PRNG pattern to generate queries matching the loop detection secret. These queries are sent to the target CoreDNS server, triggering a fatal error that crashes the process, enabling repeated denial of service.

Protection from this CVE:

Upgrade to CoreDNS version 1.14.2 immediately. If unable, disable the loop plugin via configuration or restrict access with firewalls and network filters to mitigate remote attacks.
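
The two checks above can be scripted per host. This is an added example, not code from the advisory or from the CoreDNS project: it compares a version string against 1.14.2 and looks for an active loop directive in a Corefile. The `CoreDNS-` banner prefix, the function names and the sample Corefile are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: exposure check for the loop-plugin DoS described above.
FIXED="1.14.2"   # first fixed release, taken from the advisory text

# version_lt A B: succeed when dotted version A is strictly lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# loop_lines FILE: print "N: loop" for each active (uncommented) loop directive.
# Assumes one directive per line, as in a conventionally formatted Corefile.
loop_lines() {
    awk '{ sub(/#.*/, "") } $1 == "loop" { print NR ": " $1 }' "$1"
}

# assess VERSION COREFILE
# Returns 0 = fixed release, 2 = affected release with loop disabled,
#         1 = affected release with loop enabled.
assess() {
    ver=${1#CoreDNS-}   # assumed banner prefix; adjust if yours differs
    ver=${ver#v}
    if ! version_lt "$ver" "$FIXED"; then
        echo "OK: $ver is at or above $FIXED"; return 0
    fi
    hits=$(loop_lines "$2")
    if [ -z "$hits" ]; then
        echo "MITIGATED: $ver is affected, no active loop directive in $2"; return 2
    fi
    echo "EXPOSED: $ver is affected and loop is enabled at line(s):"
    echo "$hits"
    return 1
}

# Constructed sample Corefile and version string, for demonstration only.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
.:53 {
    errors
    forward . /etc/resolv.conf
    loop
    # loop   (commented out, ignored)
}
EOF
assess "CoreDNS-1.14.1" "$SAMPLE" || echo "assess exit status: $?"
```

Pass the first line of `coredns -version` and the path of the Corefile in use; a non-zero status means the host still needs the upgrade.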

Impact:

Critical denial of service leading to complete DNS server crash, disrupting all dependent services and causing prolonged unavailability without data compromise.

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
