{"vulnerability": "CVE-2026-42960", "sightings": [{"uuid": "7f428e06-9c9a-4912-b66d-21c6064d336e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42960", "type": "seen", "source": "https://social.nlnetlabs.nl/users/nlnetlabs/statuses/116606458492280712", "content": "\ud83d\udea8 SECURITY RELEASE \ud83d\udea8Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time. \nThere are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.\nPlease read the release notes carefully and plan to upgrade. \n#DNS #DNSSEC #Mythos #LLM #OpenSource \nhttps://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392", "creation_timestamp": "2026-05-20T10:36:25.657627Z"}, {"uuid": "1496f433-82de-464d-8f57-40a05f898c0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42960", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmbqqjqwms2i", "content": "CVE-2026-42960 - Possible cache poisoning via promiscuous records for the authority section\nCVE ID : CVE-2026-42960\n \n Published : May 20, 2026, 9:21 a.m. | 54\u00a0minutes ago\n \n Description : NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via pro...", "creation_timestamp": "2026-05-20T10:58:34.205632Z"}, {"uuid": "06d6d168-97a0-4ae8-9208-3716f8505250", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42960", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mopxcled5k2s", "content": "\u300cUnbound\u300d\u306b\u6df1\u523b\u306a\u8106\u5f31\u6027 - \u30b3\u30fc\u30c9\u5b9f\u884c\u3084\u30ad\u30e3\u30c3\u30b7\u30e5\u6c5a\u67d3\u306a\u3069\u306e\u304a\u305d\u308c\n\nNLnet Labs\u304c\u958b\u767a\u3059\u308b\u30ad\u30e3\u30c3\u30b7\u30e5DNS\u30b5\u30fc\u30d0\u300cUnbound\u300d\u306b\u8907\u6570\u306e\u8106\u5f31\u6027\u304c\u5224\u660e\u3057\u305f\u3002\u8106\u5f31\u6027\u3092\u4fee\u6b63\u3057\u305f\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u304c\u63d0\u4f9b\u3055\u308c\u3066\u3044\u308b\u3002\n\n\u73fe\u5730\u6642\u95932026\u5e745\u670820\u65e5\u306b\u6700\u65b0\u7248\u3068\u306a\u308b\u300c\u540c1.25.1\u300d\u3092\u30ea\u30ea\u30fc\u30b9\u3057\u305f\u3082\u306e\u3002CVE\u30d9\u30fc\u30b9\u306711\u4ef6\u306e\u8106\u5f31\u6027\u3092\u4fee\u6b63\u3057\u3066\u3044\u308b\u3002\n\n\u300cCVE-2026-42960\u300d\u306f\u3001\u6a29\u5a01\u30bb\u30af\u30b7\u30e7\u30f3\u306e\u4fe1\u983c\u3067\u304d\u306a\u3044\u30ec\u30b3\u30fc\u30c9\u3092\u53d7\u3051\u5165\u308c\u3001\u30ad\u30e3\u30c3\u30b7\u30e5\u6c5a\u67d3\u304c\u751f\u3058\u308b\u8106\u5f31\u6027\u3002\u7d30\u5de5\u3057\u305f\u5fdc\u7b54\u3084\u30d5\u30e9\u30b0\u30e1\u30f3\u30c6\u30fc\u30b7\u30e7\u30f3\u653b\u6483\u306a\u3069\u306e\u304a\u305d\u308c\u304c\u3042\u308b\u3002\n\n\u4e00\u65b9\u300cCVE-2026-33278\u300d\u306f\u3001\u89e3\u653e\u5f8c\u306e\u30e1\u30e2\u30ea\u3092\u4f7f\u7528\u3059\u308b...", "creation_timestamp": "2026-06-20T13:23:38.382347Z"}, {"uuid": "542d8fe6-72b3-4db0-b40d-1a7517865620", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42960", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motnei5bc72j", "content": "\ud83d\udea8  ALERT: CVE-2026-42960\n\nCVSS 10.0/10\n\n\ud83d\udccb WHAT IT IS:\nNLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such", "creation_timestamp": "2026-06-22T00:36:22.532082Z"}]}