{"api_version":"1","generated_at":"2026-05-28T04:28:55+00:00","cve":"CVE-2026-41292","urls":{"html":"https://cve.report/CVE-2026-41292","api":"https://cve.report/api/cve/CVE-2026-41292.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-41292","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-41292"},"summary":{"title":"Long list of incoming EDNS options degrades performance","description":"NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can result in degradation and/or denial of service. Unbound 1.25.1 contains a patch with a fix to limit acceptable incoming EDNS options (100).","state":"PUBLISHED","assigner":"NLnet Labs","published_at":"2026-05-20 10:16:27","updated_at":"2026-05-20 22:49:46"},"problem_types":["CWE-407","CWE-770","CWE-407 CWE-407: Inefficient Algorithmic Complexity","CWE-770 CWE-770: Allocation of Resources Without Limits or Throttling"],"metrics":[{"version":"4.0","source":"sep@nlnetlabs.nl","type":"Secondary","score":"6.6","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"6.6","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Red","data":{"baseScore":6.6,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Red","version":"4.0"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-41292.txt","name":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-41292.txt","refsource":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-41292","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41292","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"NLnet Labs","product":"Unbound","version":"affected 1.25.1 semver","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-01-11T00:00:00.000Z","lang":"en","value":"Issue reported by N0zoM1z0"},{"source":"CNA","time":"2026-01-12T00:00:00.000Z","lang":"en","value":"NLnet Labs shares patch"},{"source":"CNA","time":"2026-01-13T00:00:00.000Z","lang":"en","value":"N0zoM1z0 verifies patch"},{"source":"CNA","time":"2026-04-26T00:00:00.000Z","lang":"en","value":"Issue also reported by Qifan Zhang"},{"source":"CNA","time":"2026-04-28T00:00:00.000Z","lang":"en","value":"NLnet Labs shares same patch"},{"source":"CNA","time":"2026-04-29T00:00:00.000Z","lang":"en","value":"Qifan Zhang verifies patch"},{"source":"CNA","time":"2026-05-20T00:00:00.000Z","lang":"en","value":"Fixes released with version 1.25.1"}],"solutions":[{"source":"CNA","title":"","value":"This issue is fixed starting with version 1.25.1","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"GitHub user N0zoM1z0","lang":"en"},{"source":"CNA","value":"Qifan Zhang (Palo Alto Networks)","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"41292","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nlnetlabs","cpe5":"unbound","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"41292","cve":"CVE-2026-41292","epss":"0.000750000","percentile":"0.225380000","score_date":"2026-05-27","updated_at":"2026-05-28 00:02:13"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-41292","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-20T12:11:12.511786Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-20T12:11:23.425Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Unbound","vendor":"NLnet Labs","versions":[{"lessThan":"1.25.1","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"GitHub user N0zoM1z0"},{"lang":"en","type":"finder","value":"Qifan Zhang (Palo Alto Networks)"}],"datePublic":"2026-05-20T00:00:00.000Z","descriptions":[{"lang":"en","value":"NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can result in degradation and/or denial of service. Unbound 1.25.1 contains a patch with a fix to limit acceptable incoming EDNS options (100)."}],"metrics":[{"cvssV4_0":{"baseScore":6.6,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Red","version":"4.0"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-407","description":"CWE-407: Inefficient Algorithmic Complexity","lang":"en","type":"CWE"},{"cweId":"CWE-770","description":"CWE-770: Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-20T09:19:13.022Z","orgId":"206fc3a0-e175-490b-9eaa-a5738056c9f6","shortName":"NLnet Labs"},"references":[{"tags":["vendor-advisory"],"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-41292.txt"}],"solutions":[{"lang":"en","value":"This issue is fixed starting with version 1.25.1"}],"timeline":[{"lang":"en","time":"2026-01-11T00:00:00.000Z","value":"Issue reported by N0zoM1z0"},{"lang":"en","time":"2026-01-12T00:00:00.000Z","value":"NLnet Labs shares patch"},{"lang":"en","time":"2026-01-13T00:00:00.000Z","value":"N0zoM1z0 verifies patch"},{"lang":"en","time":"2026-04-26T00:00:00.000Z","value":"Issue also reported by Qifan Zhang"},{"lang":"en","time":"2026-04-28T00:00:00.000Z","value":"NLnet Labs shares same patch"},{"lang":"en","time":"2026-04-29T00:00:00.000Z","value":"Qifan Zhang verifies patch"},{"lang":"en","time":"2026-05-20T00:00:00.000Z","value":"Fixes released with version 1.25.1"}],"title":"Long list of incoming EDNS options degrades performance","x_generator":{"engine":"cvelib 1.8.0"}}},"cveMetadata":{"assignerOrgId":"206fc3a0-e175-490b-9eaa-a5738056c9f6","assignerShortName":"NLnet Labs","cveId":"CVE-2026-41292","datePublished":"2026-05-20T09:19:13.022Z","dateReserved":"2026-05-07T10:13:43.992Z","dateUpdated":"2026-05-20T12:11:23.425Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-20 10:16:27","lastModifiedDate":"2026-05-20 22:49:46","problem_types":["CWE-407","CWE-770","CWE-407 CWE-407: Inefficient Algorithmic Complexity","CWE-770 CWE-770: Allocation of Resources Without Limits or Throttling"],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionEndExcluding":"1.25.1","matchCriteriaId":"45EC9AEF-23EC-4ECC-A769-18DF07B2CAEC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"41292","Ordinal":"1","Title":"Long list of incoming EDNS options degrades performance","CVE":"CVE-2026-41292","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"41292","Ordinal":"1","NoteData":"NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can result in degradation and/or denial of service. Unbound 1.25.1 contains a patch with a fix to limit acceptable incoming EDNS options (100).","Type":"Description","Title":"Long list of incoming EDNS options degrades performance"}]}}}