Unbound
This hub aggregates every CVE we track for Unbound, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
50
CVEs tracked
9
Critical
22
High
0
In CISA KEV
Severity distribution
HIGH22MEDIUM18CRITICAL9LOW1
Monthly trend
0
2
0
1
0
0
0
0
0
0
0
0
1
0
0
1
0
0
0
0
0
0
11
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Unbound.
- CVE-2026-44608Use after free and crash under special conditions in RPZ code5.9
- CVE-2026-44390Unbounded name compression in certain cases causes degradation of service5.3
- CVE-2026-42960Possible cache poisoning via promiscuous records for the authority section10.0
- CVE-2026-42959Crash during DNSSEC validation of malicious content7.5
- CVE-2026-42944Heap overflow with multiple NSID, COOKIE, PADDING EDNS options7.5
- CVE-2026-42923Degradation of service with unbounded NSEC3 hash calculations5.3
- CVE-2026-42534Jostle logic bypass degrades resolution performance5.3
- CVE-2026-41292Long list of incoming EDNS options degrades performance7.5
- CVE-2026-40622Another 'ghost domain names' attack variant7.5
- CVE-2026-33278Possible arbitrary code execution during DNSSEC validation9.8
- CVE-2026-32792Packet of death with DNSCrypt5.3
- CVE-2025-11411Possible domain hijacking via promiscuous records in the authority section7.4
- CVE-2025-5994Cache poisoning via the ECS-enabled Rebirthday Attack7.5
- CVE-2024-8508Unbounded name compression could lead to Denial of Service5.3
- CVE-2024-43168Unbound: heap-buffer-overflow in unbound4.8
Product normalization is registry-driven with AI assist and human review. How it works