cvedb.io
CVE-2026-12246
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2026-06-25T07:16:45.197 · Last modified 2026-06-26T02:07:47.920

Summary

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes.

Affected products

nlnetlabs — nsd

Does this affect you?

Add your gear to cvedb and we'll alert you only when nlnetlabs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.