Vulnerability-Lookup

RHSA-2026:20357

Vulnerability from csaf_redhat - Published: 2026-05-23 20:39 - Updated: 2026-05-28 02:54

Summary

Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Severity

Moderate

Notes

Topic: An update for Red Hat Hardened Images RPMs is now available.

Details: This update includes the following RPMs: unbound: * python3-unbound-1.25.1-1.hum1 (aarch64, x86_64) * unbound-1.25.1-1.hum1 (aarch64, x86_64) * unbound-anchor-1.25.1-1.hum1 (aarch64, x86_64) * unbound-devel-1.25.1-1.hum1 (aarch64, x86_64) * unbound-dracut-1.25.1-1.hum1 (aarch64, x86_64) * unbound-libs-1.25.1-1.hum1 (aarch64, x86_64) * unbound-munin-1.25.1-1.hum1 (noarch) * unbound-utils-1.25.1-1.hum1 (aarch64, x86_64) * unbound-1.25.1-1.hum1.src (src)

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-32792

A flaw was found in Unbound. A remote attacker can exploit this vulnerability by sending a specially crafted DNSCrypt query. This malicious query, when processed, causes Unbound to read beyond its allocated memory, leading to a heap overflow. This can result in a denial of service (DoS) by crashing the Unbound service.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Hardened Images:unbound-main@aarch64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:unbound-main@noarch	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:unbound-main@src	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:unbound-main@x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-42923

A flaw was found in Unbound's DNSSEC validator where the code path for consulting the negative cache for DS records does not honor the limit on NSEC3 hash calculations introduced in version 1.19.1. An adversary who controls a DNSSEC-signed zone can sign NSEC3 records with high iteration counts for child delegations, causing Unbound to perform excessive hash computations while holding a global lock on the negative cache. This temporarily blocks other resolver threads from accessing the negative cache, leading to degraded DNS resolution performance for the duration of the attack.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Hardened Images:unbound-main@aarch64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:unbound-main@noarch	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:unbound-main@src	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:unbound-main@x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-42960

A flaw was found in Unbound's handling of DNS reply messages, complementing the earlier CVE-2025-11411 fix. Unbound accepts and caches address records from the additional section of DNS replies when they accompany authority section RRSets other than NS (such as MX records). A malicious actor who can inject crafted DNS responses—via packet spoofing or fragmentation attacks—can exploit this to poison Unbound's cache with attacker-controlled address records, potentially redirecting DNS resolution for affected domains.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Hardened Images:unbound-main@aarch64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:unbound-main@noarch	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:unbound-main@src	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:unbound-main@x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

19 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:20357	self
https://images.redhat.com/	external
https://access.redhat.com/security/cve/CVE-2026-32792	external
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/cve/CVE-2026-42960	external
https://access.redhat.com/security/cve/CVE-2026-42923	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-32792	self
https://bugzilla.redhat.com/show_bug.cgi?id=2479779	external
https://www.cve.org/CVERecord?id=CVE-2026-32792	external
https://nvd.nist.gov/vuln/detail/CVE-2026-32792	external
https://access.redhat.com/security/cve/CVE-2026-42923	self
https://bugzilla.redhat.com/show_bug.cgi?id=2479825	external
https://www.cve.org/CVERecord?id=CVE-2026-42923	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42923	external
https://access.redhat.com/security/cve/CVE-2026-42960	self
https://bugzilla.redhat.com/show_bug.cgi?id=2479821	external
https://www.cve.org/CVERecord?id=CVE-2026-42960	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42960	external

Acknowledgments

Peking University TaoFei Guo

Tsinghua University Yang Luo JianJun Chen

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\nunbound:\n  * python3-unbound-1.25.1-1.hum1 (aarch64, x86_64)\n  * unbound-1.25.1-1.hum1 (aarch64, x86_64)\n  * unbound-anchor-1.25.1-1.hum1 (aarch64, x86_64)\n  * unbound-devel-1.25.1-1.hum1 (aarch64, x86_64)\n  * unbound-dracut-1.25.1-1.hum1 (aarch64, x86_64)\n  * unbound-libs-1.25.1-1.hum1 (aarch64, x86_64)\n  * unbound-munin-1.25.1-1.hum1 (noarch)\n  * unbound-utils-1.25.1-1.hum1 (aarch64, x86_64)\n  * unbound-1.25.1-1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:20357",
        "url": "https://access.redhat.com/errata/RHSA-2026:20357"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-32792",
        "url": "https://access.redhat.com/security/cve/CVE-2026-32792"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42960",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42960"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42923",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42923"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_20357.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-05-28T02:54:11+00:00",
      "generator": {
        "date": "2026-05-28T02:54:11+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2026:20357",
      "initial_release_date": "2026-05-23T20:39:46+00:00",
      "revision_history": [
        {
          "date": "2026-05-23T20:39:46+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-26T14:45:39+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-28T02:54:11+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unbound-main@aarch64",
                "product": {
                  "name": "unbound-main@aarch64",
                  "product_id": "unbound-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-unbound@1.25.1-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unbound-main@x86_64",
                "product": {
                  "name": "unbound-main@x86_64",
                  "product_id": "unbound-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-unbound@1.25.1-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unbound-main@src",
                "product": {
                  "name": "unbound-main@src",
                  "product_id": "unbound-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unbound@1.25.1-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unbound-main@noarch",
                "product": {
                  "name": "unbound-main@noarch",
                  "product_id": "unbound-main@noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unbound-munin@1.25.1-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unbound-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:unbound-main@aarch64"
        },
        "product_reference": "unbound-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unbound-main@noarch as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:unbound-main@noarch"
        },
        "product_reference": "unbound-main@noarch",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unbound-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:unbound-main@src"
        },
        "product_reference": "unbound-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unbound-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:unbound-main@x86_64"
        },
        "product_reference": "unbound-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-32792",
      "discovery_date": "2026-05-19T10:24:01.587000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2479779"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Unbound. A remote attacker can exploit this vulnerability by sending a specially crafted DNSCrypt query. This malicious query, when processed, causes Unbound to read beyond its allocated memory, leading to a heap overflow. This can result in a denial of service (DoS) by crashing the Unbound service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "unbound: Packet of death with DNSCrypt",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Moderate impact denial of service vulnerability affects Unbound instances compiled with DNSCrypt support. A specially crafted DNSCrypt query could lead to a heap overflow and service crash. However, the likelihood of a crash is low due to reliance on specific memory layouts and subsequent packet checks that may prevent successful exploitation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:unbound-main@aarch64",
          "Red Hat Hardened Images:unbound-main@noarch",
          "Red Hat Hardened Images:unbound-main@src",
          "Red Hat Hardened Images:unbound-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32792"
        },
        {
          "category": "external",
          "summary": "RHBZ#2479779",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479779"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32792",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32792"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32792",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32792"
        }
      ],
      "release_date": "2026-05-26T03:43:23.376000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-23T20:39:46+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:unbound-main@aarch64",
            "Red Hat Hardened Images:unbound-main@noarch",
            "Red Hat Hardened Images:unbound-main@src",
            "Red Hat Hardened Images:unbound-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:20357"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Hardened Images:unbound-main@aarch64",
            "Red Hat Hardened Images:unbound-main@noarch",
            "Red Hat Hardened Images:unbound-main@src",
            "Red Hat Hardened Images:unbound-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:unbound-main@aarch64",
            "Red Hat Hardened Images:unbound-main@noarch",
            "Red Hat Hardened Images:unbound-main@src",
            "Red Hat Hardened Images:unbound-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "unbound: Packet of death with DNSCrypt"
    },
    {
      "cve": "CVE-2026-42923",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2026-05-19T12:26:23.936000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2479825"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Unbound\u0027s DNSSEC validator where the code path for consulting the negative cache for DS records does not honor the limit on NSEC3 hash calculations introduced in version 1.19.1. An adversary who controls a DNSSEC-signed zone can sign NSEC3 records with high iteration counts for child delegations, causing Unbound to perform excessive hash computations while holding a global lock on the negative cache. This temporarily blocks other resolver threads from accessing the negative cache, leading to degraded DNS resolution performance for the duration of the attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "unbound: Unbound DNSSEC Validator NSEC3 Hash Calculation Limit Bypass via Negative Cache Code Path Leading to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team has assessed the severity of this vulnerability as Moderate. The flaw can be remotely triggered without authentication, but the impact is limited to service degradation rather than a full denial-of-service.The Unbound process does not crash,a global negative cache lock is held during excessive NSEC3 hash computations, temporarily blocking other resolver threads. The root cause is a negative cache code path that bypasses the existing NSEC3 hash computation limits.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:unbound-main@aarch64",
          "Red Hat Hardened Images:unbound-main@noarch",
          "Red Hat Hardened Images:unbound-main@src",
          "Red Hat Hardened Images:unbound-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42923"
        },
        {
          "category": "external",
          "summary": "RHBZ#2479825",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479825"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42923"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42923",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42923"
        }
      ],
      "release_date": "2026-05-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-23T20:39:46+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:unbound-main@aarch64",
            "Red Hat Hardened Images:unbound-main@noarch",
            "Red Hat Hardened Images:unbound-main@src",
            "Red Hat Hardened Images:unbound-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:20357"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Hardened Images:unbound-main@aarch64",
            "Red Hat Hardened Images:unbound-main@noarch",
            "Red Hat Hardened Images:unbound-main@src",
            "Red Hat Hardened Images:unbound-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:unbound-main@aarch64",
            "Red Hat Hardened Images:unbound-main@noarch",
            "Red Hat Hardened Images:unbound-main@src",
            "Red Hat Hardened Images:unbound-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "unbound: Unbound DNSSEC Validator NSEC3 Hash Calculation Limit Bypass via Negative Cache Code Path Leading to DoS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "TaoFei Guo"
          ],
          "organization": "Peking University"
        },
        {
          "names": [
            "Yang Luo",
            "JianJun Chen"
          ],
          "organization": "Tsinghua University"
        }
      ],
      "cve": "CVE-2026-42960",
      "cwe": {
        "id": "CWE-349",
        "name": "Acceptance of Extraneous Untrusted Data With Trusted Data"
      },
      "discovery_date": "2026-05-19T12:09:50.308000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2479821"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Unbound\u0027s handling of DNS reply messages, complementing the earlier CVE-2025-11411 fix. Unbound accepts and caches address records from the additional section of DNS replies when they accompany authority section RRSets other than NS (such as MX records). A malicious actor who can inject crafted DNS responses\u2014via packet spoofing or fragmentation attacks\u2014can exploit this to poison Unbound\u0027s cache with attacker-controlled address records, potentially redirecting DNS resolution for affected domains.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "unbound: Unbound DNS Cache Poisoning via Promiscuous Additional Section RRSet Acceptance",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team has assessed the severity of this vulnerability as Moderate. Exploitation requires the attacker to successfully inject or spoof DNS response packets, which increases attack complexity. However, successful exploitation can result in DNS cache poisoning, allowing the attacker to redirect DNS resolution for affected domains.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:unbound-main@aarch64",
          "Red Hat Hardened Images:unbound-main@noarch",
          "Red Hat Hardened Images:unbound-main@src",
          "Red Hat Hardened Images:unbound-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42960"
        },
        {
          "category": "external",
          "summary": "RHBZ#2479821",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479821"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42960"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42960",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42960"
        }
      ],
      "release_date": "2026-05-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-23T20:39:46+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:unbound-main@aarch64",
            "Red Hat Hardened Images:unbound-main@noarch",
            "Red Hat Hardened Images:unbound-main@src",
            "Red Hat Hardened Images:unbound-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:20357"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Hardened Images:unbound-main@aarch64",
            "Red Hat Hardened Images:unbound-main@noarch",
            "Red Hat Hardened Images:unbound-main@src",
            "Red Hat Hardened Images:unbound-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:unbound-main@aarch64",
            "Red Hat Hardened Images:unbound-main@noarch",
            "Red Hat Hardened Images:unbound-main@src",
            "Red Hat Hardened Images:unbound-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "unbound: Unbound DNS Cache Poisoning via Promiscuous Additional Section RRSet Acceptance"
    }
  ]
}

CVE-2026-32792 (GCVE-0-2026-32792)

Vulnerability from cvelistv5 – Published: 2026-05-20 09:17 – Updated: 2026-05-20 12:16

Title

Packet of death with DNSCrypt

Summary

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query that its decrypted plaintext consists entirely of '0x00' bytes and does not contain the expected '0x80' marker. Unbound would then start reading more bytes than necessary until it finds a non-'0x00' byte. Based on the underlying memory allocator and the memory layout, it could lead to heap overflow while reading followed by a crash. Likelihood of a crash is low, since it relies heavily on the underlying memory allocator and the memory layout. If the heap overflow does not happen, Unbound's later packet checks will deny the packet. Unbound 1.25.1 contains a patch with a fix to bound reading in the given buffer space.

Severity

4.6 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CWE

CWE-166 - Improper Handling of Missing Special Element
CWE-125 - Out-of-bounds Read

Assigner

NLnet Labs

References

1 reference

URL	Tags
https://www.nlnetlabs.nl/downloads/unbound/CVE-20…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
NLnet Labs	Unbound	Affected: 1.6.2 , < 1.25.1 (semver)

Date Public

2026-05-20 00:00

Credits

Andrew Griffiths (calif.io)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32792",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T12:15:56.617664Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T12:16:06.804Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Unbound",
          "vendor": "NLnet Labs",
          "versions": [
            {
              "lessThan": "1.25.1",
              "status": "affected",
              "version": "1.6.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrew Griffiths (calif.io)"
        }
      ],
      "datePublic": "2026-05-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support (\u0027--enable-dnscrypt\u0027). A bad DNSCrypt query could underflow Unbound\u0027s DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query that its decrypted plaintext consists entirely of \u00270x00\u0027 bytes and does not contain the expected \u00270x80\u0027 marker. Unbound would then start reading more bytes than necessary until it finds a non-\u00270x00\u0027 byte. Based on the underlying memory allocator and the memory layout, it could lead to heap overflow while reading followed by a crash. Likelihood of a crash is low, since it relies heavily on the underlying memory allocator and the memory layout. If the heap overflow does not happen, Unbound\u0027s later packet checks will deny the packet. Unbound 1.25.1 contains a patch with a fix to bound reading in the given buffer space."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "Compiled with DNSCrypt"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-166",
              "description": "CWE-166: Improper Handling of Missing Special Element",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T09:17:47.920Z",
        "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "shortName": "NLnet Labs"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-32792.txt"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed starting with version 1.25.1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-16T00:00:00.000Z",
          "value": "Issue reported by Andrew Griffiths"
        },
        {
          "lang": "en",
          "time": "2026-04-17T00:00:00.000Z",
          "value": "NLnet Labs shares patch"
        },
        {
          "lang": "en",
          "time": "2026-04-18T00:00:00.000Z",
          "value": "Andrew Griffiths verifies patch"
        },
        {
          "lang": "en",
          "time": "2026-05-20T00:00:00.000Z",
          "value": "Fixes released with version 1.25.1"
        }
      ],
      "title": "Packet of death with DNSCrypt",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
    "assignerShortName": "NLnet Labs",
    "cveId": "CVE-2026-32792",
    "datePublished": "2026-05-20T09:17:47.920Z",
    "dateReserved": "2026-05-07T10:07:51.839Z",
    "dateUpdated": "2026-05-20T12:16:06.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42923 (GCVE-0-2026-42923)

Vulnerability from cvelistv5 – Published: 2026-05-20 09:20 – Updated: 2026-05-20 12:10

Title

Degradation of service with unbounded NSEC3 hash calculations

Summary

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the attack. An adversary that controls a DNSSEC signed zone can exploit this by signing NSEC3 records with acceptably high iterations for child delegations and querying a vulnerable Unbound. Unbound will keep performing the allowed hash calculations on the NSEC3 records and will not limit the work by the mitigation introduced in 1.19.1. As a side effect, a global lock for the negative cache will be held for the duration of the hashing, blocking other threads that need to consult the negative cache. Coordinated attacks could raise the vulnerability to denial of service. Unbound 1.25.1 contains a patch with a fix to bound the vulnerable code path with the existing limit for NSEC3 hash calculations.

Severity

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Amber

CWE

CWE-407 - Inefficient Algorithmic Complexity

Assigner

NLnet Labs

References

1 reference

URL	Tags
https://www.nlnetlabs.nl/downloads/unbound/CVE-20…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
NLnet Labs	Unbound	Affected: 0 , < 1.25.1 (semver)

Date Public

2026-05-20 00:00

Credits

Qifan Zhang (Palo Alto Networks)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42923",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T12:10:04.210764Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T12:10:10.747Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Unbound",
          "vendor": "NLnet Labs",
          "versions": [
            {
              "lessThan": "1.25.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Qifan Zhang (Palo Alto Networks)"
        }
      ],
      "datePublic": "2026-05-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the attack. An adversary that controls a DNSSEC signed zone can exploit this by signing NSEC3 records with acceptably high iterations for child delegations and querying a vulnerable Unbound. Unbound will keep performing the allowed hash calculations on the NSEC3 records and will not limit the work by the mitigation introduced in 1.19.1. As a side effect, a global lock for the negative cache will be held for the duration of the hashing, blocking other threads that need to consult the negative cache. Coordinated attacks could raise the vulnerability to denial of service. Unbound 1.25.1 contains a patch with a fix to bound the vulnerable code path with the existing limit for NSEC3 hash calculations."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Amber",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-407",
              "description": "CWE-407: Inefficient Algorithmic Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T09:20:01.104Z",
        "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "shortName": "NLnet Labs"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42923.txt"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed starting with version 1.25.1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-28T00:00:00.000Z",
          "value": "Issue reported by Qifan Zhang"
        },
        {
          "lang": "en",
          "time": "2026-05-07T00:00:00.000Z",
          "value": "NLnet Labs shares patch"
        },
        {
          "lang": "en",
          "time": "2026-05-08T00:00:00.000Z",
          "value": "Qifan Zhang verifies patch"
        },
        {
          "lang": "en",
          "time": "2026-05-20T00:00:00.000Z",
          "value": "Fixes released with version 1.25.1"
        }
      ],
      "title": "Degradation of service with unbounded NSEC3 hash calculations",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
    "assignerShortName": "NLnet Labs",
    "cveId": "CVE-2026-42923",
    "datePublished": "2026-05-20T09:20:01.104Z",
    "dateReserved": "2026-05-07T10:07:51.800Z",
    "dateUpdated": "2026-05-20T12:10:10.747Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42960 (GCVE-0-2026-42960)

Vulnerability from cvelistv5 – Published: 2026-05-20 09:21 – Updated: 2026-05-20 13:04

Title

Possible cache poisoning via promiscuous records for the authority section

Summary

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such records in a reply (i.e., spoofed packet, fragmentation attack) he would be able to poison Unbound's cache. A malicious actor can exploit the possible poisonous effect by injecting RRSets other than NS that are also accompanied by address records in a reply, for example MX. This could be achieved by trying to spoof a reply packet or fragmentation attacks. Unbound would then accept the relative address records in the additional section and cache them if the authority RRSet has enough trust at this point, i.e., in-zone data for the delegation point. Unbound 1.25.1 contains a patch with a fix that disregards address records from the additional section if they are not explicitly relevant only to authority NS records, mitigating the possible poison effect. This is a complement fix to CVE-2025-11411.

Severity

5.7 (Medium)


                        
                          CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H/E:P/U:Amber

CWE

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

Assigner

NLnet Labs

References

1 reference

URL	Tags
https://www.nlnetlabs.nl/downloads/unbound/CVE-20…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
NLnet Labs	Unbound	Affected: 0 , < 1.25.1 (semver)

Date Public

2026-05-20 00:00

Credits

TaoFei Guo (Peking University) Yang Luo (Tsinghua University) JianJun Chen (Tsinghua University)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42960",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T13:04:22.642063Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T13:04:34.933Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Unbound",
          "vendor": "NLnet Labs",
          "versions": [
            {
              "lessThan": "1.25.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "TaoFei Guo (Peking University)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Yang Luo (Tsinghua University)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "JianJun Chen (Tsinghua University)"
        }
      ],
      "datePublic": "2026-05-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such records in a reply (i.e., spoofed packet, fragmentation attack) he would be able to poison Unbound\u0027s cache. A malicious actor can exploit the possible poisonous effect by injecting RRSets other than NS that are also accompanied by address records in a reply, for example MX. This could be achieved by trying to spoof a reply packet or fragmentation attacks. Unbound would then accept the relative address records in the additional section and cache them if the authority RRSet has enough trust at this point, i.e., in-zone data for the delegation point. Unbound 1.25.1 contains a patch with a fix that disregards address records from the additional section if they are not explicitly relevant only to authority NS records, mitigating the possible poison effect. This is a complement fix to CVE-2025-11411."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H/E:P/U:Amber",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-349",
              "description": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T09:21:02.070Z",
        "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "shortName": "NLnet Labs"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42960.txt"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed starting with version 1.25.1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-28T00:00:00.000Z",
          "value": "Issue reported by TaoFei Guo"
        },
        {
          "lang": "en",
          "time": "2025-11-28T00:00:00.000Z",
          "value": "NLnet Labs acknowledges the report"
        },
        {
          "lang": "en",
          "time": "2025-12-22T00:00:00.000Z",
          "value": "NLnet Labs shares a patch"
        },
        {
          "lang": "en",
          "time": "2026-03-16T00:00:00.000Z",
          "value": "TaoFei Guo verifies patch"
        },
        {
          "lang": "en",
          "time": "2026-05-20T00:00:00.000Z",
          "value": "Fixes released with version 1.25.1"
        }
      ],
      "title": "Possible cache poisoning via promiscuous records for the authority section",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
    "assignerShortName": "NLnet Labs",
    "cveId": "CVE-2026-42960",
    "datePublished": "2026-05-20T09:21:02.070Z",
    "dateReserved": "2026-05-07T10:13:43.999Z",
    "dateUpdated": "2026-05-20T13:04:34.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:20357

CVE-2026-32792 (GCVE-0-2026-32792)

CVE-2026-42923 (GCVE-0-2026-42923)

CVE-2026-42960 (GCVE-0-2026-42960)

Tags

Sightings

Nomenclature