MNBSD-2026-49: "Ghost domain name" variant

Severity: Unknown

Affected Package: unbound

Summary: "Ghost domain name" variant

Description

A variant of the "Ghost domain name" attack allows a revoked/expired domain to remain resolvable via cache manipulation. Reported by Qifan Zhang, Palo Alto Networks.

Affected Versions

unbound

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2026-40622

Published: June 11, 2026
Last Modified: June 11, 2026