CVE-2026-42534

A flaw was found in Unbound. An adversary who can query a vulnerable Unbound instance and control a slow or malicious domain name server can exploit a vulnerability in the jostle logic. This flaw allows retransmitted queries to renew the age of slow-running queries, preventing them from being...

SUSE CVE-2026-42534

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potentia...

Jostle logic bypass degrades resolution performance

...

CVE-2026-42534

The CVE affects NLnet Labs Unbound up to and including version 1.25.0. A vulnerability in the jostle logic can degrade resolution performance when handling slow or maliciously responding DNS servers. An attacker who can query a vulnerable Unbound and influence the domain’s DNS responses can explo...

PT-2026-42129

Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions prior to 1.25.1 Description An issue exists in the jostle logic that can degrade resolution performance. When the num-queries-per-thread limit is reached, the jostle logic identifies slow-resolving queries for...