Critical NSD Vulnerabilities in Ubuntu 26.04 LTS Expose Servers to Remote Attacks

Multiple vulnerabilities have been discovered in NSD, a DNS server software, affecting Ubuntu 26.04 LTS. These include a stack-based buffer overflow (CVE-2026-12246), a heap overflow (CVE-2026-12244), a use-after-free vulnerability (CVE-2026-12245), and a TLS authentication bypass (CVE-2026-12490). A remote attacker could exploit these vulnerabilities through specially crafted network traffic, potentially executing arbitrary code or causing denial of service. All identified vulnerabilities were published on 2026-06-25. Administrators are urged to update their systems to mitigate these risks. The vulnerabilities primarily affect the NSD server running on Ubuntu 26.04 LTS.

Key Points: • NSD vulnerabilities could allow remote code execution or denial of service. • Affected systems include Ubuntu 26.04 LTS with critical CVEs published on 2026-06-25. • Immediate updates are recommended to protect against these vulnerabilities.