Multiple Unbound Vulnerabilities in Ubuntu Lead to DoS and RCE Risks
Severity: High (Score: 70.5)
Sources: Linuxsecurity, Ubuntu
Keywords: ubuntu, unbound, issues, cause, security, issue, versions
Severity indicators: issue, security issue, rce
Summary
On May 20, 2026, multiple vulnerabilities in Unbound were disclosed, affecting Ubuntu versions 22.04, 24.04, 25.10, and 26.04 LTS. Key issues include improper handling of DNSCrypt packets (CVE-2026-32792), which can lead to denial of service, and flaws in DNSSEC validation (CVE-2026-33278) that could allow remote code execution. Additional vulnerabilities (CVE-2026-40622, CVE-2026-41292, CVE-2026-42534) also pose risks of denial of service due to excessive resource usage. These vulnerabilities were discovered by Andrew Griffiths and Qifan Zhang. Users are advised to update their systems to mitigate these risks. The affected packages include libunbound and unbound across the specified Ubuntu versions.

Key Points:
- Unbound vulnerabilities could lead to denial of service and remote code execution.
- Affected Ubuntu versions include 22.04, 24.04, 25.10, and 26.04 LTS.
- Immediate system updates are recommended to address these vulnerabilities.
Detailed Analysis
**Impact**
Ubuntu users running versions 24.04 LTS, 25.10, and 26.04 LTS are primarily affected, with some issues also impacting 22.04 LTS. The vulnerabilities expose systems to denial of service (DoS) and remote code execution (RCE) risks, potentially disrupting DNS resolution services critical to business operations. DNS cache poisoning could lead to sensitive information disclosure. No specific sectors or geographies are detailed in the sources.

**Technical Details**
Multiple vulnerabilities in the Unbound DNS resolver were discovered, including improper handling of DNSCrypt packets (CVE-2026-32792), incorrect DNSSEC validation (CVE-2026-33278), ghost domain name record handling (CVE-2026-40622), and resource exhaustion via EDNS options (CVE-2026-41292, CVE-2026-42534, CVE-2026-42923). Attackers can cause crashes, resource exhaustion, execute arbitrary code, or poison DNS caches. The affected software versions are unbound 1.19.2 through 1.24.2 depending on Ubuntu release. No specific malware, tools, or IOCs are mentioned.

**Recommended Response**
Apply the latest Unbound patches provided in Ubuntu Security Notice USN-8282-1 immediately, updating to libunbound8 and unbound package versions listed per Ubuntu release. Monitor DNS resolver logs for unusual crashes or resource spikes. Harden DNS configurations to limit exposure to malformed DNSCrypt and EDNS packets. No additional detection signatures or IOCs are provided in the sources.
Source articles (2)
- Unbound Issues in Ubuntu Versions 22.04 24.04 25.10 26.04 Cause DoS RCE — Linuxsecurity · 2026-05-20
  A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS. Summary: Several security issues were fixed in Unbound. S…
- USN-8282-1: Unbound vulnerabilities — Ubuntu · 2026-05-20
  Andrew Griffiths discovered that Unbound did not properly handle certain DNSCrypt packets. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service.…
Timeline
- 2026-05-20 — Multiple Unbound vulnerabilities disclosed: CVE-2026-32792 and CVE-2026-33278 highlight risks of DoS and RCE in Unbound affecting several Ubuntu versions.
- 2026-05-20 — Security advisory published: Linuxsecurity reported on the vulnerabilities in Unbound, urging users to update their systems immediately.
- 2026-05-20 — CVE-2026-32792 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
- 2026-05-20 — CVE-2026-42923 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
- 2026-05-20 — CVE-2026-42960 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
- 2026-05-20 — CVE-2026-44390 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
- 2026-05-20 — CVE-2026-44608 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
- 2026-05-20 — CVE-2026-40622 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
- 2026-05-20 — CVE-2026-33278 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
- 2026-05-20 — CVE-2026-42944 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
CVEs
- CVE-2026-32792
- CVE-2026-33278
- CVE-2026-40622
- CVE-2026-41292
- CVE-2026-42534
- CVE-2026-42923
- CVE-2026-42944
- CVE-2026-42959
- CVE-2026-42960
- CVE-2026-44390
- CVE-2026-44608
Related entities
- DDoS (Attack Type)
- Denial of Service (Attack Type)
- Remote Code Execution (Attack Type)
- Zero-day Exploit (Attack Type)
- CWE-200 - Exposure of Sensitive Information (Cwe)
- CWE-400 - Uncontrolled Resource Consumption (Cwe)
- CWE-416 - Use After Free (Cwe)
- CWE-78 - OS Command Injection (Cwe)
- CWE-94 - Code Injection (Cwe)
- Ubuntu (Company)
- Unbound (Vulnerability)