PT-2026-42133 · Nlnet+3 · Unbound+3

Jianjun Chen

+2

·

Published

2026-05-20

·

Updated

2026-06-18

·

CVE-2026-42960

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions prior to 1.25.1
Description An issue exists where promiscuous RRSets (Resource Record Sets) that complement DNS replies in the authority section can be used to trick the system into caching unauthorized records. An adversary can poison the cache by attaching such records to a reply via spoofed packets or fragmentation attacks. Specifically, a malicious actor can inject RRSets other than NS (Name Server), such as MX (Mail Exchange), accompanied by address records in a reply. The system may then accept and cache relative address records from the additional section if the authority RRSet possesses sufficient trust, such as in-zone data for the delegation point.
Recommendations Update to version 1.25.1.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-42960
ECHO-6546-2C8E-AF78
OPENSUSE-SU-2026:10903-1
OPENSUSE-SU-2026:21083-1
SUSE-SU-2026:22160-1
SUSE-SU-2026:22213-1
SUSE-SU-2026:2369-1
USN-8282-1
USN-8282-2

Affected Products

Freebsd
Linuxmint
Ubuntu
Unbound