PT-2026-42133 · Nlnet+3 · Unbound+3
Jianjun Chen
+2
·
Published
2026-05-20
·
Updated
2026-06-18
·
CVE-2026-42960
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NLnet Labs Unbound versions prior to 1.25.1
Description
An issue exists where promiscuous RRSets (Resource Record Sets) that complement DNS replies in the authority section can be used to trick the system into caching unauthorized records. An adversary can poison the cache by attaching such records to a reply via spoofed packets or fragmentation attacks. Specifically, a malicious actor can inject RRSets other than NS (Name Server), such as MX (Mail Exchange), accompanied by address records in a reply. The system may then accept and cache relative address records from the additional section if the authority RRSet possesses sufficient trust, such as in-zone data for the delegation point.
Recommendations
Update to version 1.25.1.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freebsd
Linuxmint
Ubuntu
Unbound