dns denial of service

CVE-2026-44390 is a newly published denial-of-service vulnerability in NLnet Labs Unbound, disclosed in May 2026 and mirrored by Microsoft’s Security Update Guide, where specially crafted DNS responses can force excessive name-compression work and degrade resolver availability rather than fully...

CVE-2026-42959 is a denial-of-service vulnerability disclosed in May 2026 in NLnet Labs Unbound, where malicious upstream DNSSEC validation content can crash the resolver and interrupt DNS service for clients that depend on it. The practical story is not remote code execution or data theft; it...

CVE-2026-5946 is a high-severity denial-of-service vulnerability disclosed on May 20, 2026, in ISC BIND 9’s named DNS server, where specially crafted non-Internet-class DNS messages can trigger assertion failures and crash affected authoritative or recursive DNS services. The bug is not...

CVE-2026-3039 is a high-severity remote denial-of-service flaw disclosed on May 20, 2026, in ISC BIND 9, where servers using GSS-API TKEY authentication can leak memory while processing maliciously crafted negotiation packets, eventually exhausting named and breaking DNS service. The bug is not...