CVE-2026-32792 — Vulnetix

CVE-2026-32792 PUBLISHED CVSS 4.599999904632568 MEDIUM

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query that its decrypted plaintext consists entirely of '0x00' bytes and does not contain the expected '0x80' marker. Unbound would then start reading more bytes than necessary until it finds a non-'0x00' byte. Based on the underlying memory allocator and the memory layout, it could lead to heap overflow while reading followed by a crash. Likelihood of a crash is low, since it relies heavily on the underlying memory allocator and the memory layout. If the heap overflow does not happen, Unbound's later packet checks will deny the packet. Unbound 1.25.1 contains a patch with a fix to bound reading in the given buffer space.

EPSS 0.06% · 18.3th percentile

Risk Scores

CVSS v4.0

4.599999904632568

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

EPSS Score

0.06%

18.3th percentile

Affected Products

Vendor	Product	Versions
nlnetlabs	unbound	1.6.2
NLnet Labs	Unbound	1.6.2

Timeline

May 20, 2026 EPSS Score
May 20, 2026 CVE Published
May 20, 2026 PoC Published
May 20, 2026 PoC Published
May 20, 2026 CVE Updated
May 21, 2026 EPSS Score
May 21, 2026 Coalition ESS Score
May 21, 2026 Security Advisory
May 22, 2026 EPSS Score
May 23, 2026 EPSS Score
May 24, 2026 EPSS Score
May 25, 2026 EPSS Score

References

https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-32792.txt vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-32792 advisory

Open in Interactive Console →