NLnet Labs Unbound vulnerabilities
18 known vulnerabilities affecting nlnet_labs/unbound.
Total CVEs: 18
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 7, MEDIUM 10
Vulnerabilities
CVE-2026-33278 | P2 | CRITICAL | CVSS 9.8 | CWE-416 | ≥ 1.19.1, < 1.25.1 | 2026-05-20
NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the vulnerability by controlling a malicious signed zone
nvd
CVE-2026-42944 | P3 | HIGH | CVSS 7.5 | CWE-197 | ≥ 1.14.0, < 1.25.1 | 2026-05-20
NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. An adversa
nvd
CVE-2025-5994 | P3 | HIGH | CVSS 8.7 | CWE-349 | ≥ 1.6.2, < 1.23.0 | 2025-07-16
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-clie
nvd
CVE-2026-40622 | P3 | HIGH | CVSS 7.5 | CWE-346 | ≥ 1.16.2, < 1.25.1 | 2026-05-20
NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a (ghost) zone and be able to query a vulnerable Unbound. A singl
nvd
CVE-2024-1931 | P3 | HIGH | CVSS 7.5 | CWE-835 | ≥ 1.18.0, < 1.19.2 | 2024-03-07
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records
nvd
CVE-2026-42959 | P3 | HIGH | CVSS 7.5 | CWE-824 | fixed in 1.25.1 | 2026-05-20
NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets for ADDITIONAL section rrsets. DNAME duplication could inc
nvd
CVE-2026-41292 | P3 | HIGH | CVSS 7.5 | CWE-407 | fixed in 1.25.1 | 2026-05-20
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can res
nvd
CVE-2022-3204 | P3 | HIGH | CVSS 7.5 | CWE-400 | ≥ unspecified, ≤ 1.16.2 | 2022-09-26
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers.
nvd
CVE-2022-30699 | P3 | MEDIUM | CVSS 6.5 | CWE-613 | ≥ unspecified, ≤ 1.16.1 | 2022-08-01
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation
nvd
CVE-2022-30698 | P4 | MEDIUM | CVSS 6.5 | CWE-613 | ≥ unspecified, ≤ 1.16.1 | 2022-08-01
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. Th
nvd
CVE-2026-44608 | P4 | MEDIUM | CVSS 5.9 | CWE-413 | ≥ 1.14.0, < 1.25.1 | 2026-05-20
NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers) it could result in heap use-after-free and eventual crash. An adversary can exploit the vulnerability if conditions are first met
nvd
CVE-2026-42534 | P4 | MEDIUM | CVSS 5.3 | CWE-440 | fixed in 1.25.1 | 2026-05-20
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potential targets for replacement with new queries. An adversa
nvd
CVE-2026-32792 | P4 | MEDIUM | CVSS 5.3 | CWE-125 | ≥ 1.6.2, < 1.25.1 | 2026-05-20
NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query
nvd
CVE-2025-11411 | P4 | MEDIUM | CVSS 5.7 | CWE-349 | fixed in 1.25.1 | 2025-10-22
NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's n
nvd
CVE-2024-8508 | P4 | MEDIUM | CVSS 5.3 | CWE-606 | fixed in 1.25.1 | 2024-10-03
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded perform
nvd
CVE-2026-42923 | P4 | MEDIUM | CVSS 5.3 | CWE-407 | fixed in 1.25.1 | 2026-05-20
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the attack. An adversary that controls a DNSSEC signed zon
nvd
CVE-2017-15105 | P4 | MEDIUM | CVSS 5.3 | CWE-358 | before 1.6.8 | 2018-01-23
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
nvd
CVE-2020-28935 | P4 | MEDIUM | CVSS 5.5 | CWE-59 | ≤ 1.12.0 | 2020-12-07
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would
nvd