CVE-2026-41292
Published: 2026-05-20
CVE-2026-41292: NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options…
Priority: P3 · 42 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.56% (42.2th percentile)
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can result in degradation and/or denial of service. Unbound 1.25.1 contains a patch with a fix to limit acceptable incoming EDNS options (100).
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nlnet_labs | unbound | < 1.25.1 | 1.25.1 |
| nlnetlabs | unbound | < 1.25.1 | 1.25.1 |
| nlnetlabs | unbound | — | — |
| rhoso-operators | designate-rhel9-operator | — | — |
| rhoso | openstack-unbound-rhel9 | — | — |
| rhosp-rhel8-tech-preview | openstack-unbound | — | — |
| rhosp-rhel9 | openstack-unbound | — | — |
| ubuntu | unbound | — | — |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd · v4.0 · 6.6 · MEDIUM · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
vendor_redhat · 7.5 · HIGH
vendor_ubuntu · 4.6 · MEDIUM
GHSA
GHSA-2wvj-gvc7-gfhx: NLnet Labs Unbound up to and including version 1
ghsa_unreviewed·2026-05-20
CVE-2026-41292 [MEDIUM] CWE-407 GHSA-2wvj-gvc7-gfhx: NLnet Labs Unbound up to and including version 1
BSD
FreeBSD-SA-26:33.unbound: Multiple vulnerabilities in unbound
bsd_advisories·2026-06-09·CVSS 5.3
CVE-2026-32792 [MEDIUM] FreeBSD-SA-26:33.unbound: Multiple vulnerabilities in unbound
FreeBSD-SA-26:33.unbound Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in unbound
Category: contrib
Module: unbound
Announced: 2026-06-09
Affects: All supported versions of FreeBSD
Corrected: 2026-05-26 16:48:51 UTC (stable/15, 15.1-STABLE)
2026-05-28 22:16:07 UTC (releng/15.1, 15.1-RC2)
2026-06-09 19:19:52 UTC (releng/15.0, 15.0-RELEASE-p10)
2026-05-26 16:49:56 UTC (stable/14, 14.4-STABLE)
2026-06-09 19:19:14 UTC (releng/14.4, 14.4-RELEASE-p6)
2026-06-09 19:18:44 UTC (releng/14.3, 14.3-RELEASE-p15)
CVE Name: CVE-2026-32792, CVE-2026-33278, CVE-2026-40622,
CVE-2026-41292, CVE-2026-42534, CVE-2026-42923,
CVE-2026-42944, CVE-2026-42959, CVE-2026-42960,
CVE-2026-44390, CVE-2026-44608
For general information regarding FreeBSD Security Advisories,
including descriptio
Ubuntu
Unbound vulnerabilities
vendor_ubuntu·2026-06-02·CVSS 4.6
CVE-2026-42959 [MEDIUM] Unbound vulnerabilities
Title: Unbound vulnerabilities
Summary: Several security issues were fixed in Unbound.
USN-8282-1 fixed vulnerabilities in Unbound. This update provides the
corresponding updates for CVE-2026-41292 in Ubuntu 18.04 LTS and Ubuntu
20.04 LTS and CVE-2026-42959, CVE-2026-42960 in Ubuntu 14.04 LTS, Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
Original advisory details:
Andrew Griffiths discovered that Unbound did not properly handle certain
DNSCrypt packets. A remote attacker could possibly use this issue to cause
Unbound to crash, resulting in a denial of service. (CVE-2026-32792)
Qifan Zhang discovered that Unbound incorrectly handled DNSSEC validation
in certain situations. A remote attacker could possibly use this issue to
execute arbitrary code. This issue only affected U
Ubuntu
Unbound vulnerabilities
vendor_ubuntu·2026-05-20·CVSS 4.6
CVE-2026-33278 [MEDIUM] Unbound vulnerabilities
Title: Unbound vulnerabilities
Summary: Several security issues were fixed in Unbound.
Andrew Griffiths discovered that Unbound did not properly handle certain
DNSCrypt packets. A remote attacker could possibly use this issue to cause
Unbound to crash, resulting in a denial of service. (CVE-2026-32792)
Qifan Zhang discovered that Unbound incorrectly handled DNSSEC validation
in certain situations. A remote attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 24.04 LTS,
Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-33278)
Qifan Zhang discovered that Unbound incorrectly handled certain ghost
domain name records. A remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 24.04 LTS,
Ubuntu 25.10
Red Hat
unbound: Unbound: Denial of Service via excessive EDNS options
vendor_redhat·2026-05-20·CVSS 7.5
CVE-2026-41292 [HIGH] CWE-1050 unbound: Unbound: Denial of Service via excessive EDNS options
A flaw was found in Unbound. A remote attacker can exploit this vulnerability by sending queries with an excessive number of EDNS (Extension Mechanisms for DNS) options. This can cause Unbound threads to be held hostage while parsing and creatin
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-41292 lua-unbound: Unbound: Denial of Service via excessive EDNS options [fedora-44]
bugzilla·2026-06-23·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 lua-unbound: Unbound: Denial of Service via excessive EDNS options [fedora-44]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
CVE-2026-41292 refers to a vulnerability in unbound, not in lua-unbound. Please be more precise in the future when creating RHBZs.
Bugzilla
CVE-2026-41292 ghc-unbounded-delays: Unbound: Denial of Service via excessive EDNS options [epel-all]
bugzilla·2026-06-23·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 ghc-unbounded-delays: Unbound: Denial of Service via excessive EDNS options [epel-all]
Bugzilla
CVE-2026-41292 golang-github-grpc-ecosystem-gateway: Unbound: Denial of Service via excessive EDNS options [fedora-43]
bugzilla·2026-06-23·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 golang-github-grpc-ecosystem-gateway: Unbound: Denial of Service via excessive EDNS options [fedora-43]
Bugzilla
CVE-2026-41292 unbound: Unbound: Denial of Service via excessive EDNS options [fedora-all]
bugzilla·2026-06-23·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 unbound: Unbound: Denial of Service via excessive EDNS options [fedora-all]
Bugzilla
CVE-2026-41292 unbound: Unbound: Denial of Service via excessive EDNS options [fedora-43]
bugzilla·2026-06-23·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 unbound: Unbound: Denial of Service via excessive EDNS options [fedora-43]
Bugzilla
CVE-2026-41292 unbound: Unbound: Denial of Service via excessive EDNS options [fedora-44]
bugzilla·2026-06-23·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 unbound: Unbound: Denial of Service via excessive EDNS options [fedora-44]
Bugzilla
CVE-2026-41292 netdata: Unbound: Denial of Service via excessive EDNS options [epel-all]
bugzilla·2026-06-23·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 netdata: Unbound: Denial of Service via excessive EDNS options [epel-all]
Bugzilla
CVE-2026-41292 lua-unbound: Unbound: Denial of Service via excessive EDNS options [epel-all]
bugzilla·2026-06-23·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 lua-unbound: Unbound: Denial of Service via excessive EDNS options [epel-all]
Discussion:
CVE-2026-41292 refers to a vulnerability in unbound, not in lua-unbound. Please be more precise in the future when creating RHBZs.
Bugzilla
CVE-2026-41292 golang-github-grpc-ecosystem-gateway-2: Unbound: Denial of Service via excessive EDNS options [fedora-44]
bugzilla·2026-06-23·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 golang-github-grpc-ecosystem-gateway-2: Unbound: Denial of Service via excessive EDNS options [fedora-44]
Bugzilla
CVE-2026-41292 ghc-unbounded-delays: Unbound: Denial of Service via excessive EDNS options [fedora-43]
bugzilla·2026-06-23·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 ghc-unbounded-delays: Unbound: Denial of Service via excessive EDNS options [fedora-43]
Bugzilla
CVE-2026-41292 golang-github-grpc-ecosystem-gateway-2: Unbound: Denial of Service via excessive EDNS options [fedora-43]
bugzilla·2026-06-23·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 golang-github-grpc-ecosystem-gateway-2: Unbound: Denial of Service via excessive EDNS options [fedora-43]
Bugzilla
CVE-2026-41292 ghc-unbounded-delays: Unbound: Denial of Service via excessive EDNS options [fedora-44]
bugzilla·2026-06-23·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 ghc-unbounded-delays: Unbound: Denial of Service via excessive EDNS options [fedora-44]
Bugzilla
CVE-2026-41292 lua-unbound: Unbound: Denial of Service via excessive EDNS options [fedora-43]
bugzilla·2026-06-23·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 lua-unbound: Unbound: Denial of Service via excessive EDNS options [fedora-43]
Discussion:
CVE-2026-41292 refers to a vulnerability in unbound, not in lua-unbound. Please be more precise in the future when creating RHBZs.
Bugzilla
CVE-2026-41292 unbound: Unbound: Denial of Service via excessive EDNS options
bugzilla·2026-05-20·CVSS 7.5
CVE-2026-41292 [HIGH] CVE-2026-41292 unbound: Unbound: Denial of Service via excessive EDNS options
Published: 2026-05-20