Package impact
Go / github.com/coredns/coredns
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33489 | high | 7.5 | 7.5 | 1mo ago | CoreDNS' transfer stanza selection uses lexicographic compare (subzone ACL bypass) | |||
| CVE-2026-33190 | high | 7.5 | 7.5 | 1mo ago | CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC | |||
| CVE-2026-32936 | high | 7.5 | 7.5 | 1mo ago | CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification | |||
| CVE-2026-32934 | high | 7.5 | 7.5 | 1mo ago | CoreDNS' DoQ worker pool does not bound stream backlog | |||
| CVE-2024-0874 | medium | 5.3 | 5.3 | 2y ago | A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. |