Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CoreDNS: Mehrere Schwachstellen ermöglichen

0
High
Published: 04/26/2026 (04/26/2026, 22:00:00 UTC)
Source: GCVE Database
Vendor/Project: Bundesamt für Sicherheit in der Informationstechnik
Product: Microsoft

Description

Multiple vulnerabilities have been identified in CoreDNS, a DNS server, as reported by the Bundesamt für Sicherheit in der Informationstechnik under CVE-2026-33190 and related CVEs. The advisory references Red Hat's security update for Submariner, a Kubernetes operator related to cross-cluster connectivity, which includes fixes for several CVEs including some listed here. No specific technical details or exploitation methods are provided. The affected version is listed as '=azl3', but this version identifier is non-standard and not further clarified. No CVSS score is available for these vulnerabilities.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/02/2026, 23:39:29 UTC

Technical Analysis

This security advisory concerns multiple vulnerabilities in CoreDNS, identified by CVE-2026-33190 and four additional CVEs (CVE-2026-33489, CVE-2026-35579, CVE-2026-32934, CVE-2026-32936). The advisory is published by the Bundesamt für Sicherheit in der Informationstechnik and references a Red Hat security advisory (RHSA-2026:25127) that addresses related issues in the Submariner Kubernetes operator. Submariner enables cross-cluster networking for Kubernetes pods and services. The Red Hat advisory rates the security impact as Important and provides fixes in Red Hat Advanced Cluster Management for Kubernetes version 2.14. The vendor advisory does not explicitly confirm patch availability for CoreDNS itself but indicates fixes in related Kubernetes components. The affected version stated is '=azl3'. No CVSS score is provided.

Potential Impact

The vulnerabilities affect CoreDNS and potentially related Kubernetes components that enable cross-cluster service connectivity. The Red Hat advisory rates the impact as Important, indicating a significant security concern. However, no known exploits in the wild are reported. The exact impact on confidentiality, integrity, or availability is not detailed in the provided data.

Mitigation Recommendations

The Red Hat advisory RHSA-2026:25127 provides security fixes in Red Hat Advanced Cluster Management for Kubernetes version 2.14, which addresses these vulnerabilities in the context of Submariner. Users should apply the updates as per the Red Hat advisory. No explicit patch or remediation guidance is provided for CoreDNS version '=azl3' in the input data. Patch status for CoreDNS itself is not yet confirmed—check the vendor advisory for current remediation guidance.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_base
Csaf Version
2.0
Publisher
Bundesamt für Sicherheit in der Informationstechnik
Advisory Id
WID-SEC-W-2026-1283
Cve Count
5
Additional Cves
["CVE-2026-33489","CVE-2026-35579","CVE-2026-32934","CVE-2026-32936"]
Cvss Version
null

Threat ID: 6a46ed1b27e9c79719447d5c

Added to database: 07/02/2026, 22:58:35 UTC

Last enriched: 07/02/2026, 23:39:29 UTC

Last updated: 07/03/2026, 03:12:30 UTC

Views: 5

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses