Vulnerability-Lookup

CERTFR-2026-AVI-0299

Vulnerability from certfr_avis - Published: 2026-03-16 - Updated: 2026-03-16

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	azl3 coredns 1.11.4-14 versions antérieures à 1.11.4-15
Microsoft	N/A	azl3 giflib 5.2.1-10 versions antérieures à 5.2.1-11
Microsoft	N/A	cbl2 coredns 1.11.1-25 versions antérieures à 1.11.1-26
Microsoft	N/A	azl3 azurelinux-image-tools 1.2.0-1 versions antérieures à 1.2.0-2
Microsoft	N/A	cbl2 giflib 5.2.1-10 versions antérieures à 5.2.1-11
Microsoft	N/A	azl3 golang 1.26.0-1 versions antérieures à 1.26.1-1
Microsoft	N/A	azl3 golang 1.25.7-1 versions antérieures à 1.25.8-1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2026-26018	2026-03-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-23868	2026-03-12	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-26017	2026-03-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-27141	2026-03-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-27138	2026-03-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-27137	2026-03-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "azl3 coredns 1.11.4-14 versions ant\u00e9rieures \u00e0 1.11.4-15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 giflib 5.2.1-10 versions ant\u00e9rieures \u00e0 5.2.1-11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 coredns 1.11.1-25 versions ant\u00e9rieures \u00e0 1.11.1-26",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 azurelinux-image-tools 1.2.0-1 versions ant\u00e9rieures \u00e0 1.2.0-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 giflib 5.2.1-10 versions ant\u00e9rieures \u00e0 5.2.1-11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 golang 1.26.0-1 versions ant\u00e9rieures \u00e0 1.26.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 golang 1.25.7-1 versions ant\u00e9rieures \u00e0 1.25.8-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-27138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27138"
    },
    {
      "name": "CVE-2026-27137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
    },
    {
      "name": "CVE-2026-26018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26018"
    },
    {
      "name": "CVE-2026-26017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26017"
    },
    {
      "name": "CVE-2026-23868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23868"
    },
    {
      "name": "CVE-2026-27141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
    }
  ],
  "initial_release_date": "2026-03-16T00:00:00",
  "last_revision_date": "2026-03-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0299",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-03-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2026-03-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26018",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26018"
    },
    {
      "published_at": "2026-03-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23868",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23868"
    },
    {
      "published_at": "2026-03-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26017",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26017"
    },
    {
      "published_at": "2026-03-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27141",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27141"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27138",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27138"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27137",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27137"
    }
  ]
}

CVE-2026-23868 (GCVE-0-2026-23868)

Vulnerability from cvelistv5 – Published: 2026-03-10 18:53 – Updated: 2026-03-11 15:44

Summary

Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.

Severity ?

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-415 - Double Free

Assigner

Tags

	https://www.facebook.com/security/advisories/cve-…	x_refsource_CONFIRM
	https://sourceforge.net/p/giflib/code/ci/f5b7267a…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	giflib	giflib	Affected: 5.0.0 , ≤ 6.1.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-23868",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-11T15:44:19.761510Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-415",
                "description": "CWE-415 Double Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T15:44:58.572Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "giflib",
          "vendor": "giflib",
          "versions": [
            {
              "lessThanOrEqual": "6.1.1",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "dateAssigned": "2026-03-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-415: Double Free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-10T18:53:25.606Z",
        "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "shortName": "Meta"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.facebook.com/security/advisories/cve-2026-23868"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
    "assignerShortName": "Meta",
    "cveId": "CVE-2026-23868",
    "datePublished": "2026-03-10T18:53:25.606Z",
    "dateReserved": "2026-01-16T19:49:26.309Z",
    "dateUpdated": "2026-03-11T15:44:58.572Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27138 (GCVE-0-2026-27138)

Vulnerability from cvelistv5 – Published: 2026-03-06 21:28 – Updated: 2026-03-10 13:35

Title

Panic in name constraint checking for malformed certificates in crypto/x509

Summary

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input

Assigner

References

URL

Tags

	https://groups.google.com/g/golang-announce/c/Edh…
	https://go.dev/issue/77953
	https://go.dev/cl/752183
	https://pkg.go.dev/vuln/GO-2026-4600

Impacted products

	Vendor	Product	Version
	Go standard library	crypto/x509	Affected: 1.26.0-0 , < 1.26.1 (semver)

Credits

Jakub Ciolek

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-27138",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-10T13:34:15.972110Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-10T13:35:19.784Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/x509",
          "product": "crypto/x509",
          "programRoutines": [
            {
              "name": "dnsConstraints.query"
            },
            {
              "name": "Certificate.Verify"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.26.1",
              "status": "affected",
              "version": "1.26.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakub Ciolek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-08T05:56:21.000Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
        },
        {
          "url": "https://go.dev/issue/77953"
        },
        {
          "url": "https://go.dev/cl/752183"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4600"
        }
      ],
      "title": "Panic in name constraint checking for malformed certificates in crypto/x509"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-27138",
    "datePublished": "2026-03-06T21:28:14.000Z",
    "dateReserved": "2026-02-17T19:57:28.435Z",
    "dateUpdated": "2026-03-10T13:35:19.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27137 (GCVE-0-2026-27137)

Vulnerability from cvelistv5 – Published: 2026-03-06 21:28 – Updated: 2026-03-10 13:32

Title

Incorrect enforcement of email constraints in crypto/x509

Summary

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-295 - Improper Certificate Validation

Assigner

References

URL

Tags

	https://go.dev/cl/752182
	https://go.dev/issue/77952
	https://groups.google.com/g/golang-announce/c/Edh…
	https://pkg.go.dev/vuln/GO-2026-4599

Impacted products

	Vendor	Product	Version
	Go standard library	crypto/x509	Affected: 1.26.0-0 , < 1.26.1 (semver)

Credits

Jakub Ciolek

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-27137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-10T13:32:09.097820Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-10T13:32:53.202Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/x509",
          "product": "crypto/x509",
          "programRoutines": [
            {
              "name": "newEmailConstraints"
            },
            {
              "name": "emailConstraints.query"
            },
            {
              "name": "checkConstraints"
            },
            {
              "name": "checkChainConstraints"
            },
            {
              "name": "parseMailboxes"
            },
            {
              "name": "Certificate.Verify"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.26.1",
              "status": "affected",
              "version": "1.26.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakub Ciolek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-08T05:56:20.771Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/752182"
        },
        {
          "url": "https://go.dev/issue/77952"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4599"
        }
      ],
      "title": "Incorrect enforcement of email constraints in crypto/x509"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-27137",
    "datePublished": "2026-03-06T21:28:13.748Z",
    "dateReserved": "2026-02-17T19:57:28.434Z",
    "dateUpdated": "2026-03-10T13:32:53.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-26017 (GCVE-0-2026-26017)

Vulnerability from cvelistv5 – Published: 2026-03-06 15:36 – Updated: 2026-03-06 16:06

Title

CoreDNS ACL Bypass

Summary

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Assigner

GitHub_M

References

URL

Tags

	https://github.com/coredns/coredns/security/advis…	x_refsource_CONFIRM
	https://github.com/coredns/coredns/releases/tag/v1.14.2	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	coredns	coredns	Affected: < 1.14.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26017",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T16:06:32.284525Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T16:06:41.093Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "coredns",
          "vendor": "coredns",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.14.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T15:36:15.655Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"
        },
        {
          "name": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
        }
      ],
      "source": {
        "advisory": "GHSA-c9v3-4pv7-87pr",
        "discovery": "UNKNOWN"
      },
      "title": "CoreDNS ACL Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-26017",
    "datePublished": "2026-03-06T15:36:15.655Z",
    "dateReserved": "2026-02-09T21:36:29.554Z",
    "dateUpdated": "2026-03-06T16:06:41.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27141 (GCVE-0-2026-27141)

Vulnerability from cvelistv5 – Published: 2026-02-26 18:50 – Updated: 2026-02-27 19:11

Title

Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

Summary

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

References

URL

Tags

	https://nvd.nist.gov/vuln/detail/CVE-2026-27141
	https://go.dev/cl/746180
	https://go.dev/issue/77652
	https://pkg.go.dev/vuln/GO-2026-4559

Impacted products

	Vendor	Product	Version
	golang.org/x/net	golang.org/x/net/http2	Affected: 0.50.0 , < 0.51.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-27141",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T19:11:24.117207Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-27T19:11:57.260Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/http2",
          "product": "golang.org/x/net/http2",
          "programRoutines": [
            {
              "name": "typeFrameParser"
            },
            {
              "name": "ClientConn.Close"
            },
            {
              "name": "ClientConn.Ping"
            },
            {
              "name": "ClientConn.RoundTrip"
            },
            {
              "name": "ClientConn.Shutdown"
            },
            {
              "name": "ConfigureServer"
            },
            {
              "name": "ConfigureTransport"
            },
            {
              "name": "ConfigureTransports"
            },
            {
              "name": "ConnectionError.Error"
            },
            {
              "name": "ErrCode.String"
            },
            {
              "name": "FrameHeader.String"
            },
            {
              "name": "FrameType.String"
            },
            {
              "name": "FrameWriteRequest.String"
            },
            {
              "name": "Framer.ReadFrame"
            },
            {
              "name": "Framer.ReadFrameForHeader"
            },
            {
              "name": "Framer.ReadFrameHeader"
            },
            {
              "name": "Framer.WriteContinuation"
            },
            {
              "name": "Framer.WriteData"
            },
            {
              "name": "Framer.WriteDataPadded"
            },
            {
              "name": "Framer.WriteGoAway"
            },
            {
              "name": "Framer.WriteHeaders"
            },
            {
              "name": "Framer.WritePing"
            },
            {
              "name": "Framer.WritePriority"
            },
            {
              "name": "Framer.WritePriorityUpdate"
            },
            {
              "name": "Framer.WritePushPromise"
            },
            {
              "name": "Framer.WriteRSTStream"
            },
            {
              "name": "Framer.WriteRawFrame"
            },
            {
              "name": "Framer.WriteSettings"
            },
            {
              "name": "Framer.WriteSettingsAck"
            },
            {
              "name": "Framer.WriteWindowUpdate"
            },
            {
              "name": "GoAwayError.Error"
            },
            {
              "name": "ReadFrameHeader"
            },
            {
              "name": "Server.ServeConn"
            },
            {
              "name": "Setting.String"
            },
            {
              "name": "SettingID.String"
            },
            {
              "name": "SettingsFrame.ForeachSetting"
            },
            {
              "name": "StreamError.Error"
            },
            {
              "name": "Transport.CloseIdleConnections"
            },
            {
              "name": "Transport.NewClientConn"
            },
            {
              "name": "Transport.RoundTrip"
            },
            {
              "name": "Transport.RoundTripOpt"
            },
            {
              "name": "bufferedWriter.Flush"
            },
            {
              "name": "bufferedWriter.Write"
            },
            {
              "name": "bufferedWriterTimeoutWriter.Write"
            },
            {
              "name": "chunkWriter.Write"
            },
            {
              "name": "clientConnPool.GetClientConn"
            },
            {
              "name": "connError.Error"
            },
            {
              "name": "dataBuffer.Read"
            },
            {
              "name": "duplicatePseudoHeaderError.Error"
            },
            {
              "name": "gzipReader.Close"
            },
            {
              "name": "gzipReader.Read"
            },
            {
              "name": "headerFieldNameError.Error"
            },
            {
              "name": "headerFieldValueError.Error"
            },
            {
              "name": "netHTTPClientConn.Close"
            },
            {
              "name": "netHTTPClientConn.RoundTrip"
            },
            {
              "name": "noDialClientConnPool.GetClientConn"
            },
            {
              "name": "noDialH2RoundTripper.NewClientConn"
            },
            {
              "name": "noDialH2RoundTripper.RoundTrip"
            },
            {
              "name": "pipe.Read"
            },
            {
              "name": "priorityWriteSchedulerRFC7540.CloseStream"
            },
            {
              "name": "priorityWriteSchedulerRFC7540.OpenStream"
            },
            {
              "name": "priorityWriteSchedulerRFC9218.OpenStream"
            },
            {
              "name": "pseudoHeaderError.Error"
            },
            {
              "name": "requestBody.Close"
            },
            {
              "name": "requestBody.Read"
            },
            {
              "name": "responseWriter.Flush"
            },
            {
              "name": "responseWriter.FlushError"
            },
            {
              "name": "responseWriter.Push"
            },
            {
              "name": "responseWriter.SetReadDeadline"
            },
            {
              "name": "responseWriter.SetWriteDeadline"
            },
            {
              "name": "responseWriter.Write"
            },
            {
              "name": "responseWriter.WriteHeader"
            },
            {
              "name": "responseWriter.WriteString"
            },
            {
              "name": "roundRobinWriteScheduler.OpenStream"
            },
            {
              "name": "serverConn.CloseConn"
            },
            {
              "name": "serverConn.Flush"
            },
            {
              "name": "stickyErrWriter.Write"
            },
            {
              "name": "transportResponseBody.Close"
            },
            {
              "name": "transportResponseBody.Read"
            },
            {
              "name": "unencryptedTransport.RoundTrip"
            },
            {
              "name": "writeData.String"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.51.0",
              "status": "affected",
              "version": "0.50.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-26T18:50:31.830Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
        },
        {
          "url": "https://go.dev/cl/746180"
        },
        {
          "url": "https://go.dev/issue/77652"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4559"
        }
      ],
      "title": "Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-27141",
    "datePublished": "2026-02-26T18:50:31.830Z",
    "dateReserved": "2026-02-17T19:57:28.435Z",
    "dateUpdated": "2026-02-27T19:11:57.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-26018 (GCVE-0-2026-26018)

Vulnerability from cvelistv5 – Published: 2026-03-06 15:35 – Updated: 2026-03-06 16:07

Title

CoreDNS Loop Detection Denial of Service Vulnerability

Summary

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
CWE-770 - Allocation of Resources Without Limits or Throttling
CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

URL

Tags

	https://github.com/coredns/coredns/security/advis…	x_refsource_CONFIRM
	https://github.com/coredns/coredns/releases/tag/v1.14.2	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	coredns	coredns	Affected: < 1.14.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T16:07:22.371186Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T16:07:31.587Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "coredns",
          "vendor": "coredns",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.14.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS\u0027s loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-337",
              "description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T15:35:50.801Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
        },
        {
          "name": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
        }
      ],
      "source": {
        "advisory": "GHSA-h75p-j8xm-m278",
        "discovery": "UNKNOWN"
      },
      "title": "CoreDNS Loop Detection Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-26018",
    "datePublished": "2026-03-06T15:35:50.801Z",
    "dateReserved": "2026-02-09T21:36:29.554Z",
    "dateUpdated": "2026-03-06T16:07:31.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2026-AVI-0299

Solutions

CVE-2026-23868 (GCVE-0-2026-23868)

CVE-2026-27138 (GCVE-0-2026-27138)

CVE-2026-27137 (GCVE-0-2026-27137)

CVE-2026-26017 (GCVE-0-2026-26017)

CVE-2026-27141 (GCVE-0-2026-27141)

CVE-2026-26018 (GCVE-0-2026-26018)

Tags

Sightings

Nomenclature