PT-2026-42127 · Nlnet+3 · Unbound+3

·

CVE-2026-40622

·

Published

2026-05-20

·

Updated

2026-06-18

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Unbound versions 1.16.2 through 1.25.0
Description An issue exists within the ghost domain names family of attacks that allows an adversary who controls a ghost zone and can query the system to extend the ghost domain window by up to one cached TTL configured value. A single client NS query can cause the software to overwrite the cached expired parent-side referral NS rrset with the child-side apex NS rrset, utilizing the cache-max-ttl value. In configurations where harden-referral-path: yes is enabled, the issue can occur without a client NS query as the system performs that query implicitly.
Recommendations Update to version 1.25.1.

Fix

DoS

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-40622
ECHO-627E-E177-A81B
OPENSUSE-SU-2026:10903-1
OPENSUSE-SU-2026:21083-1
SUSE-SU-2026:21874-1
SUSE-SU-2026:21913-1
SUSE-SU-2026:22160-1
SUSE-SU-2026:22213-1
SUSE-SU-2026:2281-1
SUSE-SU-2026:2369-1
USN-8282-1

Affected Products

Freebsd
Linuxmint
Ubuntu
Unbound