Vulnerabilities ›

CVE-2026-40622

High

CWE-346 — Weakness Type

                    Published: May 20, 2026                      ·  Modified: May 27, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a (ghost) zone and be able to query a vulnerable Unbound. A single client NS query can cause Unbound to overwrite the cached expired parent-side referral NS rrset with the child-side apex NS rrset and essentially extend the ghost domain window by up to one cached TTL configured value ('cache-max-ttl'). In configurations where 'harden-referral-path: yes' is used (non-default configuration), no client NS query is required since Unbound implicitly performs that query. Unbound 1.25.1 contains a patch with a fix that does not allow extension of TTLs for (parent) NS records regardless of their trust.

🤖 AI Executive Summary

NLnet Labs Unbound versions 1.16.2 through 1.25.0 are vulnerable to ghost domain name attacks that can extend the cached TTL window for NS records. An attacker controlling a ghost zone can manipulate DNS caching to prolong domain hijacking attacks.

📄 Description (Arabic)

تؤثر هذه الثغرة على خوادم DNS التي تستخدم NLnet Labs Unbound وتسمح للمهاجمين بتمديد نافذة هجوم أسماء النطاقات الشبحية من خلال التلاعب بقيم TTL المخزنة مؤقتاً. يمكن لمستعلم واحد أو استعلام NS ضمني أن يسبب في الكتابة فوق سجلات NS المنتهية الصلاحية بسجلات من جانب الطفل.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 27, 2026 03:49

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom government banking energy

🎯 MITRE ATT&CK Techniques

T1566 T1190 T1498

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade NLnet Labs Unbound to version 1.25.1 or later immediately. For organizations unable to upgrade immediately, implement strict access controls to limit NS queries and consider enabling harden-referral-path configuration with caution after testing. Monitor DNS query logs for suspicious NS record queries targeting ghost domains.

🔧 خطوات المعالجة (العربية)

قم بترقية NLnet Labs Unbound إلى الإصدار 1.25.1 أو أحدث فوراً. للمنظمات غير القادرة على الترقية فوراً، طبق ضوابط وصول صارمة لتقييد استعلامات NS وفكر في تفعيل إعدادات harden-referral-path مع الحذر بعد الاختبار. راقب سجلات استعلامات DNS للاستعلامات المريبة المستهدفة للنطاقات الشبحية.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.13.1.1 A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.DS-2 DE.CM-1

🟡 ISO 27001:2022

27001:A.12.6.1 27001:A.13.1.1 27001:A.14.2.1

🔗 References & Sources 1

🔗

https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-40622.txt

sep@nlnetlabs.nl

Vendor Advisory Patch

📦 Affected Products / CPE 1 entries

nlnetlabs:unbound

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityH — High

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-346

EPSS0.02%

Exploit No

Patch ✓ Yes

Published 2026-05-20

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-346

🏢 Vendor Advisories

🔗 https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-40622

Introduce Yourself

Sign In Required