CVE-2026-40622— NLnet Labs Unbound 访问控制错误漏洞

Another 'ghost domain names' attack variant

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a (ghost) zone and be able to query a vulnerable Unbound. A single client NS query can cause Unbound to overwrite the cached expired parent-side referral NS rrset with the child-side apex NS rrset and essentially extend the ghost domain window by up to one cached TTL configured value ('cache-max-ttl'). In configurations where 'harden-referral-path: yes' is used (non-default configuration), no client NS query is required since Unbound implicitly performs that query. Unbound 1.25.1 contains a patch with a fix that does not allow extension of TTLs for (parent) NS records regardless of their trust.

N/A

N/A

NLnet Labs Unbound 访问控制错误漏洞

NLnet Labs Unbound是NLnet Labs开源的一个高性能DNS解析器。 NLnet Labs Unbound 1.16.2版本至1.25.0版本存在访问控制错误漏洞，该漏洞源于幽灵域名攻击，可能导致攻击者通过控制幽灵区域并查询易受攻击的Unbound，将缓存过期父端引用NS记录集覆盖为子端顶点NS记录集，从而将幽灵域名窗口延长最多一个配置的缓存TTL值。

N/A

N/A