unbound dns

CVE-2026-44390 is a newly published denial-of-service vulnerability in NLnet Labs Unbound, disclosed in May 2026 and mirrored by Microsoft’s Security Update Guide, where specially crafted DNS responses can force excessive name-compression work and degrade resolver availability rather than fully...

NLnet Labs disclosed CVE-2026-42944 on May 20, 2026, as a high-severity Unbound DNS resolver vulnerability affecting versions 1.14.0 through 1.25.0, where crafted queries containing multiple NSID, DNS Cookie, and EDNS Padding options can trigger a heap overflow and crash the service. The fix is...

CVE-2026-42534 is a medium-severity vulnerability disclosed on May 20, 2026, in NLnet Labs Unbound versions up to and including 1.25.0, where repeated duplicate DNS queries can bypass the resolver’s jostle logic and degrade resolution performance for clients relying on it as recursive DNS...

On May 20, 2026, NLnet Labs disclosed CVE-2026-41292, a remotely reachable denial-of-service vulnerability in Unbound versions up to and including 1.25.0, where DNS queries carrying unusually long EDNS option lists can consume resolver thread time and degrade or deny service. The fix arrived in...

CVE-2026-44608 is a denial-of-service vulnerability disclosed in May 2026 in NLnet Labs Unbound 1.14.0 through 1.25.0, triggered under specific multi-threaded Response Policy Zone transfer conditions and fixed in Unbound 1.25.1. The bug is not a Windows kernel flaw, not a typical Microsoft Patch...

CVE-2026-32792 is a newly published denial-of-service flaw in NLnet Labs Unbound, disclosed on May 20, 2026, affecting versions 1.6.2 through 1.25.0 when the resolver is built with DNSCrypt support and exposed to a malformed encrypted DNS query. The bug is not a Windows vulnerability in the...