CVE-2026-33278 (unbound RCE) affecting other services

Comments

• totally_not_banned Member

  May 23

  You should rename yourself to pechgoblin. Whenever you post something terrible has happened.

  Thanked by 4tentor glueckself buggedout ralf
• Levi Member

  May 23

  Like a fckin black cat. Holy shit man.

  Thanked by 1glueckself
• rpqu Member

  May 23

  fuck
• glueckself Member

  May 23

  @totally_not_banned said:
  You should rename yourself to pechgoblin. Whenever you post something terrible has happened.

  I promise it's just a phase. I used to bring joy and sunshine into peoples life.

  (also, pechgoblin, I love it, thanks!)

  @Levi said:
  Like a fckin black cat. Holy shit man.

  Don't say anything against black cats. They might be too dumb to drink water without waterboarding themselves (at least ours is), but they are cute and cuddly (at least ours is ).

  @rpqu said:
  fuck

  I wholeheartedly agree.

  But, can anyone confirm that my suspicion is right? Or even better, tell me I'm dumb and OpenDKIM/Prosody are fine.
• Yachiyo Member

  May 23

  No SRE is going to have any moment to spare this year. 😇
• tentor Member, Host Rep

  May 23

  @Yachiyo said:
  No SRE is going to have any moment to spare this year. 😇

  Are you threatening them?
• CloudHopper Member

  May 23

  Looks like it affects cPanel
  https://support.cpanel.net/hc/en-us/articles/40646746647703-Security-CVE-2026-33278-cpanel-unbound-1-25-1-Security-Release-May-21-2026

  Thanked by 2oloke AudioDoge
• Levi Member

  May 23

  @tentor said:

  @Yachiyo said:
  No SRE is going to have any moment to spare this year. 😇

  Are you threatening them?

  Who’s threatening cornholio?
• emperor Member

  May 23

  Another weekend, another one. Fuck

  Thanked by 1oloke
• AudioDoge Member

  May 23

  @CloudHopper said:
  Looks like it affects cPanel
  https://support.cpanel.net/hc/en-us/articles/40646746647703-Security-CVE-2026-33278-cpanel-unbound-1-25-1-Security-Release-May-21-2026

  There are likely few budget shared hosting providers that have never updated cPanel. Reputable providers will ensure updates are performed. But I am referring to those providers that were established as side hussles and then subsequently neglected.

  Script kiddies going to have a field day.

  @glueckself said: unbound itself, but everything using libunbound

  I am curious to see how this will unfold, as Unbound is not only used in infrastructure as a resolver but is also frequently employed in hobby projects and home lab setups. Therefore, this may impact less experienced users more compared to the previous vulnerabilities.
• zed Member

  May 23

  its not real unless i have to reboot sorry
• AudioDoge Member

  May 23

  @zed said:
  its not real unless i have to reboot sorry

  Bonus points if the fix that requires a reboot breaks grub.

  Thanked by 1zed
• glueckself Member

  May 27

  Since this isn't fixed for a week now in Debian, I decided to patch it myself.
  I have a deb for trixie if someone needs it, but its quite easy to build it yourself (which I'd recommend over trusting random pechgoblins on the internet )