CVEFinder.io

CVE-2026-42534

🔶 medium
🔍 Scan for this CVE
Summary

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potential targets for replacement with new queries. An adversary who can query a vulnerable Unbound and who can control a domain name server that replies slowly and/or maliciously to Unbound's queries can exploi

Description

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potential targets for replacement with new queries. An adversary who can query a vulnerable Unbound and who can control a domain name server that replies slowly and/or maliciously to Unbound's queries can exploit the vulnerability and degrade the resolution performance of Unbound. When Unbound's 'num-queries-per-thread' reaches its limit, the jostle logic kicks in. When a new query comes in, half of the available queries that are also slow to resolve are candidates for replacement. The vulnerability then happens because duplicate queries that need resolution would skew the aging result by using the timestamp of the latest duplicate query instead of the original one that started the resolution effort. Cache and local data response performance remains unaffected. Coordinated attacks could raise this to a denial of resolution service. Unbound 1.25.1 contains a patch with a fix to attach an initial, non-updatable start time for incoming queries that allow the jostle logic to work as intended.

CVSS Score
5.3
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-20
First Seen: 2026-05-21
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.7% of all 328,009 vulnerabilities in our database.

#263,349
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 20, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Qifan Zhang (Palo Alto Networks)
SSVC data provided by CISA
Last Modified 2026-05-20
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
CWE IDs (Weakness Types)
CWE-440

📦 Affected Products 1

Vendor Product Status Affected Versions
nlnetlabs unbound Affected
< 1.25.1

🔗 References 1

https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-...
Mitigation Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-32792 🔶 medium 5.3 0.1 NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNS... 2026-05-20
CVE-2026-33278 ⛔ critical 9.8 0.3 NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables de... 2026-05-20
CVE-2026-40622 ⚠️ high 7.5 0.0 NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of a... 2026-05-20
CVE-2026-41292 ⚠️ high 7.5 0.1 NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsin... 2026-05-20
CVE-2026-42923 🔶 medium 5.3 0.1 NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to... 2026-05-20
CVE-2026-42944 ⚠️ high 7.5 0.1 NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when enco... 2026-05-20
These CVEs affect the same products