{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"MEDIUM"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https:/www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.",
				"category":"general",
				"title":"Synopsis"
			}
		],
		"publisher":null,
		"references":[
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26017"
			},
			{
				"summary":"CVE-2026-26017 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/cve/2026/csaf-openeuler-cve-2026-26017.json"
			},
			{
				"summary":"openEuler-SA-2026-2939",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2939"
			},
			{
				"summary":"CVE-2026-26017",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-26017&packageName=coredns"
			}
		],
		"title":"openEuler cve CVE-2026-26017",
		"tracking":{
			"initial_release_date":"2026-07-14T11:13:18+08:00",
			"revision_history":[
				{
					"date":"2026-07-14T11:13:18+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2026-07-14T11:13:18+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2026-07-14T11:13:18+08:00",
			"id":"CVE-2026-26017",
			"version":"1.0.0",
			"status":"interim"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"openEuler-20.03-LTS-SP4",
									"name":"openEuler-20.03-LTS-SP4"
								},
								"name":"openEuler-20.03-LTS-SP4",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"aarch64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"coredns-1.7.0-1.4.oe2003sp4.aarch64.rpm",
									"name":"coredns-1.7.0-1.4.oe2003sp4.aarch64.rpm"
								},
								"name":"coredns-1.7.0-1.4.oe2003sp4.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"coredns-help-1.7.0-1.4.oe2003sp4.aarch64.rpm",
									"name":"coredns-help-1.7.0-1.4.oe2003sp4.aarch64.rpm"
								},
								"name":"coredns-help-1.7.0-1.4.oe2003sp4.aarch64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"coredns-1.7.0-1.4.oe2003sp4.src.rpm",
									"name":"coredns-1.7.0-1.4.oe2003sp4.src.rpm"
								},
								"name":"coredns-1.7.0-1.4.oe2003sp4.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"coredns-1.7.0-1.4.oe2003sp4.x86_64.rpm",
									"name":"coredns-1.7.0-1.4.oe2003sp4.x86_64.rpm"
								},
								"name":"coredns-1.7.0-1.4.oe2003sp4.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"coredns-help-1.7.0-1.4.oe2003sp4.x86_64.rpm",
									"name":"coredns-help-1.7.0-1.4.oe2003sp4.x86_64.rpm"
								},
								"name":"coredns-help-1.7.0-1.4.oe2003sp4.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"coredns-1.7.0-1.4.oe2003sp4.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:coredns-1.7.0-1.4.oe2003sp4.aarch64",
					"name":"coredns-1.7.0-1.4.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"coredns-help-1.7.0-1.4.oe2003sp4.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:coredns-help-1.7.0-1.4.oe2003sp4.aarch64",
					"name":"coredns-help-1.7.0-1.4.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"coredns-1.7.0-1.4.oe2003sp4.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:coredns-1.7.0-1.4.oe2003sp4.src",
					"name":"coredns-1.7.0-1.4.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"coredns-1.7.0-1.4.oe2003sp4.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:coredns-1.7.0-1.4.oe2003sp4.x86_64",
					"name":"coredns-1.7.0-1.4.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"coredns-help-1.7.0-1.4.oe2003sp4.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:coredns-help-1.7.0-1.4.oe2003sp4.x86_64",
					"name":"coredns-help-1.7.0-1.4.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2026-26017",
			"notes":[
				{
					"text":"CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-20.03-LTS-SP4:coredns-1.7.0-1.4.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:coredns-help-1.7.0-1.4.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:coredns-1.7.0-1.4.oe2003sp4.src",
					"openEuler-20.03-LTS-SP4:coredns-1.7.0-1.4.oe2003sp4.x86_64",
					"openEuler-20.03-LTS-SP4:coredns-help-1.7.0-1.4.oe2003sp4.x86_64"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-20.03-LTS-SP4:coredns-1.7.0-1.4.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:coredns-help-1.7.0-1.4.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:coredns-1.7.0-1.4.oe2003sp4.src",
						"openEuler-20.03-LTS-SP4:coredns-1.7.0-1.4.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:coredns-help-1.7.0-1.4.oe2003sp4.x86_64"
					],
					"details":"coredns security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2939"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":6.3,
						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
						"version":"3.1"
					},
					"products":[
						"openEuler-20.03-LTS-SP4:coredns-1.7.0-1.4.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:coredns-help-1.7.0-1.4.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:coredns-1.7.0-1.4.oe2003sp4.src",
						"openEuler-20.03-LTS-SP4:coredns-1.7.0-1.4.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:coredns-help-1.7.0-1.4.oe2003sp4.x86_64"
					]
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2026-26017"
		}
	]
}