NLnet Labs has issued a significant security update for its Unbound DNS resolver to address multiple vulnerabilities, including a critical DNSSEC validation flaw (CVE-2026-33278) that allows remote code execution. The flaw stems from a memory management error during the processing of complex NSEC3 records and poses a serious risk of daemon crashes or of an attacker taking control of the daemon.
The update also resolves two other high-severity vulnerabilities, CVE-2026-42944 and CVE-2026-42959, which relate to a heap overflow and validator crashes, respectively. The medium-severity vulnerabilities threaten performance and include cache poisoning and excessive CPU usage. Users are advised to upgrade to version 1.25.1 immediately or apply the specific patches; disabling certain vulnerable features may help reduce risk in the meantime.