Vulnerability Description
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they parse the options and create internal data structures for them. Coordinated attacks can result in degradation and/or denial of service. Unbound 1.25.1 contains a patch that limits the number of acceptable incoming EDNS options (100).
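The kind of cap the fix describes, shown as an added example that is not Unbound's code: a bounded walk over OPT RDATA in the RFC 6891 option layout that stops as soon as more than 100 options have been seen. The function name, return codes and sample bytes are assumptions constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_EDNS_OPTIONS 100   /* cap quoted in the advisory text */

/* Hypothetical helper, not Unbound's function. Walks OPT RDATA laid out as
 * in RFC 6891 (2-byte code, 2-byte length, data) and counts the options.
 * Returns the count, -1 for malformed RDATA, or -2 as soon as the count
 * exceeds max_opts, so the caller can reject the query before building
 * any per-option data structures. */
int edns_count_options(const uint8_t *rdata, size_t len, int max_opts)
{
    size_t pos = 0;
    int count = 0;

    while (pos < len) {
        if (len - pos < 4)
            return -1;                      /* truncated option header */
        size_t optlen = ((size_t)rdata[pos + 2] << 8) | rdata[pos + 3];
        pos += 4;
        if (optlen > len - pos)
            return -1;                      /* data runs past the RDATA */
        pos += optlen;
        if (++count > max_opts)
            return -2;                      /* over the cap: stop early */
    }
    return count;
}

int main(void)
{
    /* Constructed sample: one option, code 10 (COOKIE), 8 data bytes. */
    const uint8_t one[] = { 0x00, 0x0a, 0x00, 0x08, 1, 2, 3, 4, 5, 6, 7, 8 };
    /* Constructed sample: zero bytes parse as empty options (code 0, len 0). */
    static const uint8_t many[4 * (MAX_EDNS_OPTIONS + 1)] = { 0 };

    printf("one option: %d\n", edns_count_options(one, sizeof one, MAX_EDNS_OPTIONS));
    printf("at the cap: %d\n", edns_count_options(many, 4 * MAX_EDNS_OPTIONS, MAX_EDNS_OPTIONS));
    printf("over the cap: %d\n", edns_count_options(many, sizeof many, MAX_EDNS_OPTIONS));
    return 0;
}
```

Counting during the same pass that validates lengths keeps the work per query bounded by the cap rather than by the size of the RDATA.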
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nlnetlabs | Unbound | < 1.25.1 |
Related Weaknesses (CWE)
References
- https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-41292.txt (Mitigation, Vendor Advisory)
FAQ
What is CVE-2026-41292?
CVE-2026-41292 is a vulnerability with a CVSS score of 7.5 (HIGH). NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too man...
How severe is CVE-2026-41292?
CVE-2026-41292 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-41292?
Check the references section above for vendor advisories and patch information. Affected products include: Nlnetlabs Unbound.