Every CVE whose affected-product data names Nlnetlabs Unbound, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (41)
CVE-2026-42960 — CVSS 10.0 (critical): NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section…
CVE-2019-25033 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a…
CVE-2026-33278 — CVSS 9.8 (critical): NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and…
CVE-2019-25042 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a…
CVE-2019-25039 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a…
CVE-2019-25038 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a…
CVE-2019-25035 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability…
CVE-2019-25032 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a…
CVE-2019-25034 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor…
CVE-2009-3602 — CVSS 7.5 (high): Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be…
CVE-2019-16866 — CVSS 7.5 (high): Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source…
CVE-2019-25036 — CVSS 7.5 (high): Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a…
CVE-2019-25037 — CVSS 7.5 (high): Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes…
CVE-2019-25040 — CVSS 7.5 (high): Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a…
CVE-2019-25041 — CVSS 7.5 (high): Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a…
CVE-2020-10772 — CVSS 7.5 (high): An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable…
CVE-2020-12662 — CVSS 7.5 (high): Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains…
CVE-2020-12663 — CVSS 7.5 (high): Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
CVE-2022-3204 — CVSS 7.5 (high): A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The…
CVE-2023-50387 — CVSS 7.5 (high): Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of…
CVE-2024-1931 — CVSS 7.5 (high): NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain…
CVE-2026-40622 — CVSS 7.5 (high): NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could…
CVE-2026-41292 — CVSS 7.5 (high): NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of…
CVE-2026-42944 — CVSS 7.5 (high): NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID…
CVE-2026-42959 — CVSS 7.5 (high): NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a…
CVE-2019-18934 — CVSS 7.3 (high): Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially…
CVE-2022-30699 — CVSS 6.5 (medium): NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability…
CVE-2022-30698 — CVSS 6.5 (medium): NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability…
CVE-2019-25031 — CVSS 5.9 (medium): Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a…
CVE-2026-44608 — CVSS 5.9 (medium): NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met…
CVE-2020-28935 — CVSS 5.5 (medium): NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local…
CVE-2017-15105 — CVSS 5.3 (medium): A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record…
CVE-2024-8508 — CVSS 5.3 (medium): NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs…
CVE-2026-42534 — CVSS 5.3 (medium): NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade…
CVE-2026-32792 — CVSS 5.3 (medium): NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support…
CVE-2026-42923 — CVSS 5.3 (medium): NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the…
CVE-2026-44390 — CVSS 5.3 (medium): NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs…
CVE-2010-0969 — CVSS 5.0 (medium): Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service…
CVE-2009-4008 — CVSS 5.0 (medium): Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to…
CVE-2011-1922 — CVSS 4.3 (medium): daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote…
CVE-2014-8602 — CVSS 4.3 (medium): iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of…