You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-41292
About this tag
CVE-2026-41292 is a remotely reachable denial-of-service vulnerability in Unbound DNS resolver versions up to and including 1.25.0, disclosed by NLnet Labs on May 20, 2026. The flaw allows DNS queries with unusually long EDNS option lists to consume resolver thread time, potentially degrading or denying service. The fix was released in Unbound 1.25.1. For Windows environments that rely on Unbound in appliances, Linux VMs, containers, gateways, or split-DNS designs, this vulnerability can cause name resolution failures that mimic network outages. This tag covers discussions about the CVE-2026-41292 vulnerability, its impact on Windows DNS infrastructure, and mitigation steps including updating to Unbound 1.25.1.
On May 20, 2026, NLnet Labs disclosed CVE-2026-41292, a remotely reachable denial-of-service vulnerability in Unbound versions up to and including 1.25.0, where DNS queries carrying unusually long EDNS option lists can consume resolver thread time and degrade or deny service. The fix arrived in...