๐Ÿ” CVE Alert

CVE-2026-62299

MEDIUM 5.3

CoreDNS: rewrite-plugin EDNS0 response-revert nil-pointer panic (remote DoS) when a downstream plugin returns a response with no OPT record

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

CoreDNS is a DNS server written in Go. Prior to 1.14.5, the CoreDNS rewrite plugin supports edns0 rewrite rules with an optional revert flag, and two response rules, edns0SetResponseRule and edns0ReplaceResponseRule[T] in plugin/rewrite/edns0.go, call res.IsEdns0() and immediately dereference the returned *dns.OPT without a nil check when a downstream plugin returns a response with no OPT record. A remote, unauthenticated client can send a single ordinary DNS query matching a rewrite edns0 <local|nsid|subnet> <set|append|replace> ... revert rule, causing ResponseReverter in plugin/rewrite/reverter.go to panic, return SERVFAIL, and degrade availability, or crash the CoreDNS process if the debug directive disables recovery. This issue is fixed in version 1.14.5.

CWE CWE-476
Vendor coredns
Product coredns
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for coredns coredns

Be the first to know when new medium vulnerabilities affecting coredns coredns are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Affected Versions

coredns / coredns
< 1.14.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/coredns/coredns/security/advisories/GHSA-9pmm-cxww-rrr7 github.com: https://github.com/coredns/coredns/pull/8190 github.com: https://github.com/coredns/coredns/commit/fc447d0658b093edc8cd29a6b171216a44a644c2 github.com: https://github.com/coredns/coredns/releases/tag/v1.14.5