{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/coredns-rewrite-plugin/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":5.3,"id":"CVE-2026-62299"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["CoreDNS","CoreDNS rewrite-plugin"],"_cs_severities":["low"],"_cs_tags":["denial-of-service","coredns","dns","vulnerability","kubernetes"],"_cs_type":"advisory","_cs_vendors":["CoreDNS Project"],"content_html":"\u003cp\u003eA critical remote denial-of-service (DoS) vulnerability, identified as CVE-2026-62299, has been reported in the CoreDNS \u003ccode\u003erewrite-plugin\u003c/code\u003e. This flaw allows a remote attacker to trigger a nil-pointer panic within the CoreDNS server. The vulnerability specifically manifests when the \u003ccode\u003erewrite-plugin\u003c/code\u003e processes an EDNS0 response that originates from a downstream plugin and lacks an OPT (Option) record. Such a scenario can cause the CoreDNS server to crash, leading to a denial of service for DNS resolution. CoreDNS is widely used in Kubernetes environments, making this vulnerability particularly concerning for containerized applications and services that rely on its stability for service discovery and network communication. Defenders should prioritize patching to prevent significant operational disruption.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker sends a specially crafted DNS query to a vulnerable CoreDNS server.\u003c/li\u003e\n\u003cli\u003eThe CoreDNS server, configured with the \u003ccode\u003erewrite-plugin\u003c/code\u003e, forwards this query to a downstream DNS plugin.\u003c/li\u003e\n\u003cli\u003eThe downstream plugin processes the query and returns an EDNS0 response.\u003c/li\u003e\n\u003cli\u003eCrucially, this EDNS0 response is missing the expected OPT record.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erewrite-plugin\u003c/code\u003e within CoreDNS attempts to process this malformed EDNS0 response.\u003c/li\u003e\n\u003cli\u003eDue to the absence of the OPT record, the \u003ccode\u003erewrite-plugin\u003c/code\u003e encounters a nil-pointer, causing an unhandled panic.\u003c/li\u003e\n\u003cli\u003eThe CoreDNS process crashes, leading to a denial of service and disrupting DNS resolution for clients.\u003c/li\u003e\n\u003cli\u003eRepeated exploitation can result in sustained service unavailability, impacting dependent applications and services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-62299 results in a denial of service (DoS) for the affected CoreDNS instance. This means that the CoreDNS server will crash and stop responding to DNS queries, disrupting service discovery and network connectivity for any applications or systems relying on it. In environments like Kubernetes, where CoreDNS is fundamental for inter-service communication and external name resolution, this can lead to widespread application outages, unavailability of services, and significant operational impact. While specific victim counts are not available, any organization utilizing CoreDNS with the vulnerable rewrite-plugin is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-62299 by updating CoreDNS to the latest version immediately to mitigate the denial-of-service vulnerability.\u003c/li\u003e\n\u003cli\u003eReview CoreDNS server logs for crash events or restarts that may indicate exploitation attempts related to CVE-2026-62299.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-18T07:05:02Z","date_published":"2026-07-18T07:05:02Z","id":"https://feed.craftedsignal.io/briefs/2026-07-coredns-rewrite-plugin-dos/","summary":"A remote denial-of-service vulnerability (CVE-2026-62299) has been discovered in the CoreDNS rewrite-plugin that can lead to a nil-pointer panic when a downstream plugin returns an EDNS0 response without an OPT record, potentially causing service disruption.","title":"CoreDNS Rewrite Plugin Vulnerability Allows Remote Denial of Service","url":"https://feed.craftedsignal.io/briefs/2026-07-coredns-rewrite-plugin-dos/"}],"language":"en","title":"CraftedSignal Threat Feed - CoreDNS Rewrite-Plugin","version":"https://jsonfeed.org/version/1.1"}