{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-41292","assignerOrgId":"206fc3a0-e175-490b-9eaa-a5738056c9f6","state":"PUBLISHED","assignerShortName":"NLnet Labs","dateReserved":"2026-05-07T10:13:43.992Z","datePublished":"2026-05-20T09:19:13.022Z","dateUpdated":"2026-06-30T12:08:48.358Z"},"containers":{"cna":{"title":"Long list of incoming EDNS options degrades performance","datePublic":"2026-05-20T00:00:00.000Z","affected":[{"vendor":"NLnet Labs","product":"Unbound","versions":[{"version":"0","status":"affected","lessThan":"1.25.1","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can result in degradation and/or denial of service. Unbound 1.25.1 contains a patch with a fix to limit acceptable incoming EDNS options (100)."}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"version":"4.0","baseScore":6.6,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Red"}}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-407","description":"CWE-407: Inefficient Algorithmic Complexity","type":"CWE"},{"lang":"en","cweId":"CWE-770","description":"CWE-770: Allocation of Resources Without Limits or Throttling","type":"CWE"}]}],"solutions":[{"lang":"en","value":"This issue is fixed starting with version 1.25.1"}],"timeline":[{"time":"2026-01-11T00:00:00.000Z","lang":"en","value":"Issue reported by N0zoM1z0"},{"time":"2026-01-12T00:00:00.000Z","lang":"en","value":"NLnet Labs shares patch"},{"time":"2026-01-13T00:00:00.000Z","lang":"en","value":"N0zoM1z0 verifies patch"},{"time":"2026-04-26T00:00:00.000Z","lang":"en","value":"Issue also reported by Qifan Zhang"},{"time":"2026-04-28T00:00:00.000Z","lang":"en","value":"NLnet Labs shares same patch"},{"time":"2026-04-29T00:00:00.000Z","lang":"en","value":"Qifan Zhang verifies patch"},{"time":"2026-05-20T00:00:00.000Z","lang":"en","value":"Fixes released with version 1.25.1"}],"credits":[{"lang":"en","value":"GitHub user N0zoM1z0","type":"finder"},{"lang":"en","value":"Qifan Zhang (Palo Alto Networks)","type":"finder"}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-41292.txt","tags":["vendor-advisory"]}],"providerMetadata":{"orgId":"206fc3a0-e175-490b-9eaa-a5738056c9f6","shortName":"NLnet Labs","dateUpdated":"2026-05-20T09:19:13.022Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-20T12:11:12.511786Z","id":"CVE-2026-41292","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-20T12:11:23.425Z"}},{"affected":[{"cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:hummingbird:1"],"defaultStatus":"affected","product":"Red Hat Hardened Images","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openstack:16.2"],"defaultStatus":"affected","product":"Red Hat OpenStack Platform 16.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openstack:17.1"],"defaultStatus":"affected","product":"Red Hat OpenStack Platform 17.1","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openstack:18.0"],"defaultStatus":"affected","product":"Red Hat OpenStack Platform 18.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_data_grid:8"],"defaultStatus":"unaffected","product":"Red Hat Data Grid 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jbosseapxp"],"defaultStatus":"unaffected","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","vendor":"Red Hat"}],"datePublic":"2026-05-20T09:19:13.022Z","descriptions":[{"lang":"en","value":"A flaw was found in Unbound. A remote attacker can exploit this vulnerability by sending queries with an excessive number of EDNS (Extension Mechanisms for DNS) options. This can cause Unbound threads to be held hostage while parsing and creating internal data structures for these options. Coordinated attacks can lead to resource exhaustion, resulting in a degradation of service or a denial of service (DoS) for legitimate users."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1050","description":"Excessive Platform Resource Consumption within a Loop","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-41292"},{"name":"RHBZ#2480125","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480125"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41292.json"}],"timeline":[{"lang":"en","time":"2026-05-20T10:00:54.433Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-20T09:19:13.022Z","value":"Made public."}],"title":"unbound: Unbound: Denial of Service via excessive EDNS options","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:08:48.358Z"}}]}}