AZL-79497

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79497.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-79497

Upstream

CVE-2026-26017

Published

2026-03-06T16:16:10Z

Modified

2026-04-21T04:34:44.840165Z

Summary

CVE-2026-26017 affecting package coredns 1.11.4-14

Details

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-26017

Affected packages

Azure Linux:3 / coredns

Package

Name: coredns
Purl: pkg:rpm/azure-linux/coredns

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.11.4-14

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79497.json"