Improper Authentication in CoreDNS - CVE-2026-35579
Published: April 25, 2026
CoreDNS
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper authentication in the gRPC and QUIC servers when processing TSIG-signed DNS messages. A remote attacker can send a specially crafted request with a valid TSIG key name and a forged MAC to disclose sensitive information.
The issue affects requests where the TSIG key name exists in the configuration, because the HMAC is not computed or compared before the request is treated as verified.
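
The defect class described above, as an added Go example that is not CoreDNS code: a check that accepts any configured key name, beside one that recomputes the HMAC and compares it in constant time. The request type, key name, secret and MAC input (message body only, whereas real TSIG per RFC 8945 also covers the TSIG variables) are simplifying assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// request is a simplified stand-in for a TSIG-signed DNS message (assumption:
// the MAC covers only Body; real TSIG also covers key name, time and fudge).
type request struct {
	KeyName string
	Body    []byte
	MAC     []byte
}

// keys is a constructed key table; the name and secret are hypothetical.
var keys = map[string][]byte{"transfer-key.": []byte("constructed-example-secret")}

// sign computes HMAC-SHA256 over the body with the given secret.
func sign(secret, body []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(body)
	return m.Sum(nil)
}

// verifyNameOnly models the defect: a configured key name is taken as proof
// of authenticity and the MAC is never computed or compared.
func verifyNameOnly(r request) bool {
	_, ok := keys[r.KeyName]
	return ok
}

// verifyMAC looks up the key, recomputes the MAC over the received bytes and
// compares it to the supplied MAC in constant time before trusting the request.
func verifyMAC(r request) bool {
	secret, ok := keys[r.KeyName]
	if !ok || len(r.MAC) == 0 {
		return false
	}
	return hmac.Equal(sign(secret, r.Body), r.MAC)
}

func main() {
	body := []byte("constructed query bytes")
	forged := request{"transfer-key.", body, make([]byte, sha256.Size)} // known name, bogus MAC
	valid := request{"transfer-key.", body, sign(keys["transfer-key."], body)}
	fmt.Println(verifyNameOnly(forged), verifyMAC(forged), verifyMAC(valid))
}
```

A regression test for a fixed build can follow the same shape: a request with a configured key name and a wrong MAC must be rejected on every transport that accepts TSIG.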