CVE-2026-42534— Jostle logic bypass degrades resolution performance
Possible ATT&CK Techniques 2AI
T1499.002 · Service Exhaustion Flood T1498.002 · Reflection AmplificationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NLnet Labs | Unbound | < 1.25.1 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42534
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Jostle logic bypass degrades resolution performance
Source: NVD (National Vulnerability Database)
Vulnerability Description
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potential targets for replacement with new queries. An adversary who can query a vulnerable Unbound and who can control a domain name server that replies slowly and/or maliciously to Unbound's queries can exploit the vulnerability and degrade the resolution performance of Unbound. When Unbound's 'num-queries-per-thread' reaches its limit, the jostle logic kicks in. When a new query comes in, half of the available queries that are also slow to resolve are candidates for replacement. The vulnerability then happens because duplicate queries that need resolution would skew the aging result by using the timestamp of the latest duplicate query instead of the original one that started the resolution effort. Cache and local data response performance remains unaffected. Coordinated attacks could raise this to a denial of resolution service. Unbound 1.25.1 contains a patch with a fix to attach an initial, non-updatable start time for incoming queries that allow the jostle logic to work as intended.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
预期行为违背
Source: NVD (National Vulnerability Database)
Vulnerability Title
NLnet Labs Unbound 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NLnet Labs Unbound是NLnet Labs开源的一个高性能DNS解析器。 NLnet Labs Unbound 1.25.0及之前版本存在安全漏洞,该漏洞源于jostle逻辑中重复查询的时间戳更新问题,可能导致慢查询无法被替换,攻击者通过控制慢速或恶意响应的域名服务器可降低Unbound的解析性能。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| NLnet Labs | Unbound | 0 ~ 1.25.1 | - |
II. Public POCs for CVE-2026-42534
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42534
请登录查看更多情报信息。
Other References for CVE-2026-42534 (1)
Same Patch Batch · NLnet Labs · 2026-05-20 · 11 CVEs total
| CVE-2026-41292 | Long list of incoming EDNS options degrades performance | |
| CVE-2026-42959 | Crash during DNSSEC validation of malicious content | |
| CVE-2026-42923 | Degradation of service with unbounded NSEC3 hash calculations | |
| CVE-2026-42944 | Heap overflow with multiple NSID, COOKIE, PADDING EDNS options | |
| CVE-2026-42960 | Possible cache poisoning via promiscuous records for the authority section | |
| CVE-2026-32792 | Packet of death with DNSCrypt | |
| CVE-2026-40622 | Another 'ghost domain names' attack variant | |
| CVE-2026-44390 | Unbounded name compression in certain cases causes degradation of service | |
| CVE-2026-44608 | Use after free and crash under special conditions in RPZ code | |
| CVE-2026-33278 | Possible arbitrary code execution during DNSSEC validation |
IV. Related Vulnerabilities
Same product: Unbound
- CVE-2026-44608
Use after free and crash under special conditions in RPZ cod - CVE-2026-44390
Unbounded name compression in certain cases causes degradati - CVE-2026-42960
Possible cache poisoning via promiscuous records for the aut - CVE-2026-42959
Crash during DNSSEC validation of malicious content - CVE-2026-42944
Heap overflow with multiple NSID, COOKIE, PADDING EDNS optio
Same vendor: NLnet Labs
- CVE-2026-44608
Use after free and crash under special conditions in RPZ cod - CVE-2026-44390
Unbounded name compression in certain cases causes degradati - CVE-2026-42960
Possible cache poisoning via promiscuous records for the aut - CVE-2026-42959
Crash during DNSSEC validation of malicious content - CVE-2026-42944
Heap overflow with multiple NSID, COOKIE, PADDING EDNS optio
Same weakness: CWE-440
- CVE-2026-41136
free5GC AMF missing default case in Content-Type switch in H - CVE-2026-3344
WatchGuard Firebox System Integrity Check Bypass - CVE-2025-13940
WatchGuard Firebox Boot Time System Integrity Check Bypass - CVE-2025-8850
Insecure API Design in danny-avila/librechat - CVE-2025-52953
Junos OS and Junos OS Evolved: An unauthenticated adjacent a
V. Comments for CVE-2026-42534
No comments yet