What is CVE-2026-42923?

CVE-2026-42923 is a medium-severity vulnerability in Nlnet Labs Unbound, classified under Inefficient Algorithmic Complexity. CVSS score: 5.3/10. Published 2026-05-20.

How severe is CVE-2026-42923?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Nlnet Labs Unbound

CVE-2026-42923

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced i…

EPSS: 0.001 (18.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Nlnet Labs Unbound — versions 0
Nlnetlabs Unbound

Weakness classification (CWE)

CWE-407 — Inefficient Algorithmic Complexity

References

sep@nlnetlabs.nl (vendor-advisory, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2026-42923?: CVE-2026-42923 is a medium-severity vulnerability in Nlnet Labs Unbound, classified under Inefficient Algorithmic Complexity. CVSS score: 5.3/10. Published 2026-05-20.
How severe is CVE-2026-42923?: Medium severity. CVSS v3 base score is 5.3 out of 10.