CVE-2026-33489 | CoreDNS up to 1.14.2 transfer.go longestMatch authorization (EUVD-2026-27450)

A vulnerability was found in CoreDNS up to 1.14.2. It has been classified as problematic. This issue affects the function longestMatch of the file plugin/transfer/transfer.go. Performing a manipulation results in incorrect authorization.

This vulnerability was named CVE-2026-33489. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More