{"vulnerability": "CVE-2026-33278", "sightings": [{"uuid": "dca600d0-efe1-4d2d-9b34-ab8570f35c73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33278", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116606436980367840", "content": "\ud83d\udd25 CVE-2026-33278: Critical use-after-free in NLnet Labs Unbound (1.19.1 \u2013 1.25.0). DNSSEC validator flaw can lead to DoS or RCE if attacker controls DNS zone. Patch: upgrade to 1.25.1. https://radar.offseq.com/threat/cve-2026-33278-cwe-416-use-after-free-in-nlnet-lab-c0de645d #OffSeq #DNSSEC #Vuln #Infosec", "creation_timestamp": "2026-05-20T10:30:25.985875Z"}, {"uuid": "a31f11c0-2762-429b-ab9e-e8487293b736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33278", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmbp6fht2k22", "content": "Unbound DNS CRITICAL flaw: Use-after-free bug (v1.19.1 \u2013 1.25.0) lets attackers cause crashes or RCE via malicious DNS zones. Upgrade to 1.25.1 now! https://radar.offseq.com/threat/cve-2026-33278-cwe-416-use-after-free-in-nlnet-lab-c0de645d #OffSeq #DNSSEC #Unbound", "creation_timestamp": "2026-05-20T10:30:27.766093Z"}, {"uuid": "2b596ab8-e3e2-4d32-bc49-f96ac1d39465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33278", "type": "seen", "source": "https://social.nlnetlabs.nl/users/nlnetlabs/statuses/116606458492280712", "content": "\ud83d\udea8 SECURITY RELEASE \ud83d\udea8Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time. \nThere are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.\nPlease read the release notes carefully and plan to upgrade. \n#DNS #DNSSEC #Mythos #LLM #OpenSource \nhttps://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392", "creation_timestamp": "2026-05-20T10:36:24.235988Z"}, {"uuid": "d37730b7-6eb7-48af-9291-ec0def804675", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33278", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmbrkbcvja2v", "content": "CVE-2026-33278 - Possible arbitrary code execution during DNSSEC validation\nCVE ID : CVE-2026-33278\n \n Published : May 20, 2026, 9:18 a.m. | 56\u00a0minutes ago\n \n Description : NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator...", "creation_timestamp": "2026-05-20T11:12:53.346072Z"}, {"uuid": "b72c9710-3698-43c5-b519-452a1b098304", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33278", "type": "seen", "source": "https://bsky.app/profile/releaseport.com/post/3mmdde3txik23", "content": "unbound release-1.25.1 patches CVE-2026-33278\nFixes RCE vulnerability during DNSSEC validation and heap overflow with EDNS options.\nUpgrade carefully.\n\n\u2192 releaseport.com/r/nlnetlabs-unbound/release-1-25-1", "creation_timestamp": "2026-05-21T02:04:13.663473Z"}, {"uuid": "f86b0945-b6c4-4927-81b4-4cd431fc0d10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-33278", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/cpanel-security-advisory-av26-499", "content": "", "creation_timestamp": "2026-05-22T08:44:53.000000Z"}, {"uuid": "ec7a5c40-8335-44ff-9ddb-f5ad3ef36f9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33278", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmjzp5qhya2w", "content": "\ud83d\udd34 CVE-2026-33278 - Critical (9.8)\n\nNLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC va...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-33278/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-23T18:02:11.053277Z"}, {"uuid": "35b764e8-774d-4bd9-ba3a-9bd6b2906e8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33278", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mmnu42awvc2n", "content": "Unbound\u306e\u8106\u5f31\u6027\u60c5\u5831\u304c\u516c\u958b\u3055\u308c\u307e\u3057\u305f\uff08CVE-2026-33278\u3001\u4ed610\u4ef6\uff09 https://jprs.jp/tech/security/2026-05-25-unbound.html", "creation_timestamp": "2026-05-25T06:30:34.227957Z"}]}