PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-62299 coredns CVE debrief

CVE-2026-62299 is a vulnerability in the CoreDNS rewrite plugin that can cause a panic and return SERVFAIL or crash the CoreDNS process via a single ordinary DNS query matching a specific edns0 rewrite rule. This issue is fixed in version 1.14.5. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. The affected product is CoreDNS, and the vulnerability is related to the rewrite plugin. The likely operational impact is a denial of service, and the source confidence is limited.

Vendor
coredns
Product
Unknown
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-16
Original CVE updated
2026-07-16
Advisory published
2026-07-16
Advisory updated
2026-07-16

Who should care

Users of CoreDNS versions prior to 1.14.5 should be aware of this vulnerability and take steps to mitigate it. The affected operators are those who manage CoreDNS deployments, and the affected platforms are those that use CoreDNS for DNS resolution. The vulnerability-management teams should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance. The security teams should monitor CoreDNS logs for signs of exploitation and implement compensating controls to detect and prevent malicious DNS queries.

Technical summary

The CoreDNS rewrite plugin supports edns0 rewrite rules with an optional revert flag. Two response rules, edns0SetResponseRule and edns0ReplaceResponseRule, call res.IsEdns0() and immediately dereference the returned *dns.OPT without a nil check when a downstream plugin returns a response with no OPT record. A remote, unauthenticated client can send a single ordinary DNS query matching a rewrite edns0 <local|nsid|subnet> <set|append|replace> ... revert rule, causing ResponseReverter to panic, return SERVFAIL, and degrade availability, or crash the CoreDNS process if the debug directive disables recovery.

Defensive priority

Medium

Recommended defensive actions

  • Update to CoreDNS version 1.14.5 or later
  • Implement compensating controls to detect and prevent malicious DNS queries
  • Monitor CoreDNS logs for signs of exploitation
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-16T20:16:46.693Z and has not been modified since then. The NVD entry is currently 5.3 MEDIUM. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The CoreDNS rewrite plugin supports edns0 rewrite rules with an optional revert flag, and two response rules, edns0SetResponseRule and edns0ReplaceResponseRule, call res.IsEdns0() and immediately dereference the returned *dns.OPT without a nil check when a downstream plugin returns a response with no OPT record.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T20:16:46.693Z and has not been modified since then.