SUSE CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

SUSE CVE-2026-40622

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

SUSE CVE-2026-42534

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potentia...

OPENSUSE-SU-2026:10903-1 libunbound8-1.25.1-1.1 on GA media

These are all security issues fixed in the libunbound8-1.25.1-1.1 package on the GA media of openSUSE Tumbleweed...

[SECURITY] Fedora 44 Update: unbound-1.25.1-1.fc44

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

CVE-2026-33278 affecting package unbound for versions less than 1.25.1-1

CVE-2026-33278 affecting package unbound for versions less than 1.25.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-44390 affecting package unbound for versions less than 1.25.1-1

CVE-2026-44390 affecting package unbound for versions less than 1.25.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-32792 affecting package unbound for versions less than 1.25.1-1

CVE-2026-32792 affecting package unbound for versions less than 1.25.1-1. An upgraded version of the package is available that resolves this issue...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: unbound: python3-unbound-1.25.1-0.1.hum1 aarch64, x8664 unbound-1.25.1-0.1.hum1 aarch64, x8664 unbound-anchor-1.25.1-0.1.hum1 aarch64, x8664 unbound-devel-1.25.1-0.1.hum1 aarch64, x8664...

CVE-2026-42923

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...

CVE-2026-42534

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potentia...

CVE-2026-40622

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

CVE-2026-44608

Summary: NLnet Labs Unbound versions 1.14.0–1.25.0 contain a locking inconsistency in RPZ handling that can cause a heap use-after-free and crash under specific multi-threaded conditions when an RPZ XFR reload occurs and an RPZ zone is loaded with rpz-nsip or rpz-nsdname triggers. An attacker wou...

CVE-2026-44390

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses with very large RRsets with records that don't share a suffix above the root can cause Unbound to...

EUVD-2026-31088

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses with very large RRsets with records that don't share a suffix above the root can cause Unbound to...

CVE-2026-42960

Unbound CVE-2026-42960 affects versions up to 1.25.0. The vulnerability arises from poisoning attempts using promiscuous RRSets in the authority section; an attacker could spoof replies or leverage fragmentation to inject non-NS address records in the additional section and have Unbound cache the...

CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...

CVE-2026-42959

CVE-2026-42959 affects NLnet Labs Unbound up to version 1.25.0. The vulnerability lies in the DNSSEC validator: while constructing chase-reply messages, the code uses the wrong counter to calculate write offsets for ADDITIONAL section rrsets. This, combined with DNAME duplication increasing the A...

CVE-2026-42959 Crash during DNSSEC validation of malicious content

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

EUVD-2026-31085

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options 'nsid', 'answer-cookie', 'pad-responses' default need to be enabl...