PT-2026-42128 · Nlnet+3 · Unbound+3

Qifan Zhang

·

Published

2026-05-20

·

Updated

2026-06-30

·

CVE-2026-41292

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions prior to 1.25.1
Description An issue exists related to the parsing of long lists of incoming EDNS (Extension Mechanisms for DNS) options. An adversary can send queries containing an excessive number of EDNS options, causing Unbound threads to be held hostage while parsing and creating internal data structures. Coordinated attacks of this nature can lead to service degradation or a denial of service.
Recommendations Update to version 1.25.1.

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-41292
ECHO-A55D-D403-6E56
OPENSUSE-SU-2026:10903-1
OPENSUSE-SU-2026:21083-1
SUSE-SU-2026:21874-1
SUSE-SU-2026:21913-1
SUSE-SU-2026:22160-1
SUSE-SU-2026:22213-1
SUSE-SU-2026:2281-1
SUSE-SU-2026:2369-1
USN-8282-1
USN-8282-2

Affected Products

Freebsd
Linuxmint
Ubuntu
Unbound