PatchSiren cyber security CVE debrief
CVE-2026-62309 coredns CVE debrief
A security issue was found in CoreDNS, a DNS server written in Go, which can cause the process to crash when the proxyproto plugin is enabled. This occurs when a single 28-byte UDP datagram is received, specifically if it contains a PROXY v2 header with a non-UDP transport, such as family byte 0x11. The issue arises from how the PacketConn.ReadFrom function in plugin/pkg/proxyproto/proxyproto.go handles errors during proxy protocol parsing. The problem leads to a nil pointer being dereferenced, causing the crash before recovery can be applied. This vulnerability has been addressed in CoreDNS version 1.14.4.
- Vendor
- coredns
- Product
- Unknown
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-16
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-16
- Advisory updated
- 2026-07-16
Who should care
Users of CoreDNS, especially those who have enabled the proxyproto plugin, should update to version 1.14.4 to mitigate this vulnerability. This fix is crucial for maintaining the stability and security of DNS services relying on CoreDNS.
Technical summary
The vulnerability in CoreDNS is triggered by a specific malformed UDP datagram that can cause a crash when the proxyproto plugin is enabled. The crash happens because the code incorrectly handles a PROXY v2 header with a non-UDP transport type. The error occurs in the PacketConn.ReadFrom method of the proxyproto.go file, where it attempts to use a nil address after a parsing error, leading to a crash when trying to log the address. The fix in version 1.14.4 properly handles such malformed packets, preventing the crash.
Defensive priority
High
Recommended defensive actions
- Update CoreDNS to version 1.14.4 or later
- Review and adjust configurations for the proxyproto plugin
- Monitor DNS service stability and logs for unusual activity
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
The CVE record and NVD detail provide official information on this vulnerability. Additional references include GitHub commits, pull requests, and security advisories related to the fix in CoreDNS version 1.14.4.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T20:16:47.030Z and has not been modified since then.