AZL-79529

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79529.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-79529

Upstream

CVE-2026-26018

Published

2026-03-06T16:16:10Z

Modified

2026-04-21T04:34:45.913026Z

Summary

CVE-2026-26018 affecting package coredns 1.11.1-25

Details

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-26018

Affected packages

Azure Linux:2 / coredns

Package

Name: coredns
Purl: pkg:rpm/azure-linux/coredns

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.11.1-25

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79529.json"