{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41292", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "state": "PUBLISHED", "assignerShortName": "NLnet Labs", "dateReserved": "2026-05-07T10:13:43.992Z", "datePublished": "2026-05-20T09:19:13.022Z", "dateUpdated": "2026-05-20T12:11:23.425Z"}, "containers": {"cna": {"title": "Long list of incoming EDNS options degrades performance", "datePublic": "2026-05-20T00:00:00.000Z", "affected": [{"vendor": "NLnet Labs", "product": "Unbound", "versions": [{"version": "0", "status": "affected", "lessThan": "1.25.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can result in degradation and/or denial of service. Unbound 1.25.1 contains a patch with a fix to limit acceptable incoming EDNS options (100)."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Red"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-407", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}, {"lang": "en", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "solutions": [{"lang": "en", "value": "This issue is fixed starting with version 1.25.1"}], "timeline": [{"time": "2026-01-11T00:00:00.000Z", "lang": "en", "value": "Issue reported by N0zoM1z0"}, {"time": "2026-01-12T00:00:00.000Z", "lang": "en", "value": "NLnet Labs shares patch"}, {"time": "2026-01-13T00:00:00.000Z", "lang": "en", "value": "N0zoM1z0 verifies patch"}, {"time": "2026-04-26T00:00:00.000Z", "lang": "en", "value": "Issue also reported by Qifan Zhang"}, {"time": "2026-04-28T00:00:00.000Z", "lang": "en", "value": "NLnet Labs shares same patch"}, {"time": "2026-04-29T00:00:00.000Z", "lang": "en", "value": "Qifan Zhang verifies patch"}, {"time": "2026-05-20T00:00:00.000Z", "lang": "en", "value": "Fixes released with version 1.25.1"}], "credits": [{"lang": "en", "value": "GitHub user N0zoM1z0", "type": "finder"}, {"lang": "en", "value": "Qifan Zhang (Palo Alto Networks)", "type": "finder"}], "references": [{"url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-41292.txt", "tags": ["vendor-advisory"]}], "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2026-05-20T09:19:13.022Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-20T12:11:12.511786Z", "id": "CVE-2026-41292", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-20T12:11:23.425Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41292", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-20T12:11:12.511786Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-20T12:11:18.415Z"}}], "cna": {"title": "Long list of incoming EDNS options degrades performance", "credits": [{"lang": "en", "type": "finder", "value": "GitHub user N0zoM1z0"}, {"lang": "en", "type": "finder", "value": "Qifan Zhang (Palo Alto Networks)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Red"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NLnet Labs", "product": "Unbound", "versions": [{"status": "affected", "version": "0", "lessThan": "1.25.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-11T00:00:00.000Z", "value": "Issue reported by N0zoM1z0"}, {"lang": "en", "time": "2026-01-12T00:00:00.000Z", "value": "NLnet Labs shares patch"}, {"lang": "en", "time": "2026-01-13T00:00:00.000Z", "value": "N0zoM1z0 verifies patch"}, {"lang": "en", "time": "2026-04-26T00:00:00.000Z", "value": "Issue also reported by Qifan Zhang"}, {"lang": "en", "time": "2026-04-28T00:00:00.000Z", "value": "NLnet Labs shares same patch"}, {"lang": "en", "time": "2026-04-29T00:00:00.000Z", "value": "Qifan Zhang verifies patch"}, {"lang": "en", "time": "2026-05-20T00:00:00.000Z", "value": "Fixes released with version 1.25.1"}], "solutions": [{"lang": "en", "value": "This issue is fixed starting with version 1.25.1"}], "datePublic": "2026-05-20T00:00:00.000Z", "references": [{"url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-41292.txt", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can result in degradation and/or denial of service. Unbound 1.25.1 contains a patch with a fix to limit acceptable incoming EDNS options (100)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-407", "description": "CWE-407: Inefficient Algorithmic Complexity"}, {"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2026-05-20T09:19:13.022Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41292", "state": "PUBLISHED", "dateUpdated": "2026-05-20T12:11:23.425Z", "dateReserved": "2026-05-07T10:13:43.992Z", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "datePublished": "2026-05-20T09:19:13.022Z", "assignerShortName": "NLnet Labs"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "45EC9AEF-23EC-4ECC-A769-18DF07B2CAEC", "versionEndExcluding": "1.25.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can result in degradation and/or denial of service. Unbound 1.25.1 contains a patch with a fix to limit acceptable incoming EDNS options (100)."}], "id": "CVE-2026-41292", "lastModified": "2026-05-20T22:49:46.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "sep@nlnetlabs.nl", "type": "Secondary"}]}, "published": "2026-05-20T10:16:27.327", "references": [{"source": "sep@nlnetlabs.nl", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-41292.txt"}], "sourceIdentifier": "sep@nlnetlabs.nl", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}, {"lang": "en", "value": "CWE-770"}], "source": "sep@nlnetlabs.nl", "type": "Secondary"}]}

{}

{"created": "2026-05-20T11:30:26.139787+00:00", "updated": "2026-05-20T11:30:26.139797+00:00", "vendors": []}