CVE-2026-42944

NLnet Labs Unbound 1.14.0–1.25.0 is affected by a heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in replies. The vulnerability requires the options (nsid, answer-cookie, pad-responses) to be enabled, and a querier can trigger the overflow by attaching...

GO-2026-4512 Fingerprint vulnerability in uTLS from missing padding extension for Chrome 120 in github.com/refraction-networking/utls

Fingerprint vulnerability in uTLS from missing padding extension for Chrome 120 in github.com/refraction-networking/utls...

GHSA-RRXV-PMQ9-X67R uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120

The padding extension was incorrectly removed in utls for the non-pq variant of Chrome 120 fingerprint. Chrome removed this extension only when sending pq keyshares. Only this fingerprint is affected since newer fingerprints have pq keyshares by default and older fingerprints have this extension...

uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120

The padding extension was incorrectly removed in utls for the non-pq variant of Chrome 120 fingerprint. Chrome removed this extension only when sending pq keyshares. Only this fingerprint is affected since newer fingerprints have pq keyshares by default and older fingerprints have this extension...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the HelloChrome120. An attacker can obtain sensitive information by analyzing TLS fingerprint discrepancies caused by the missing padding extension. Remediation Upgrade github.com/refraction-networking/utls to...