Unbound

by NLnet Labsv1.25.1

Last updated Jun 8, 2026

Unbound is a validating, recursive, caching DNS resolver.

Install with winget

$ winget install --id NLnetLabs.Unbound --exact --version 1.25.1

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Unbound

Unbound uses EXE (NSIS). The silent install switches are /S.

One-line silent install (x86)

unbound_setup_1.25.1.exe /S

See the full silent install reference for Unbound →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v1.25.1

Architecture	Type	Scope	Install	Download
x86	EXE NSIS	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

21 known CVEs via NVD

medium5.9Patched in wingetCVE-2026-44608affects before 1.25.1May 20, 2026
NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers) it could result in heap use-after-free and eventual crash...
Vendor advisory
medium5.3Patched in wingetCVE-2026-44390affects before 1.25.1May 20, 2026
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses with very large RRsets with records that don't share a suffix above the root ca...
Vendor advisory
critical10.0Patched in wingetCVE-2026-42960affects before 1.25.1May 20, 2026
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able...
Vendor advisory
high7.5Patched in wingetCVE-2026-42959affects before 1.25.1May 20, 2026
NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculat...
Vendor advisory
high7.5Patched in wingetCVE-2026-42944affects before 1.25.1May 20, 2026
NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (defa...
Vendor advisory
medium5.3Patched in wingetCVE-2026-42923affects before 1.25.1May 20, 2026
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of s...
Vendor advisory
medium5.3Patched in wingetCVE-2026-42534affects before 1.25.1May 20, 2026
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as...
Vendor advisory
high7.5Patched in wingetCVE-2026-41292affects before 1.25.1May 20, 2026
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and crea...
Vendor advisory

Showing 8 of 21. Source: NVD, updated 3h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Frequently asked questions

How do I install Unbound on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id NLnetLabs.Unbound --exact --version 1.25.1. winget downloads the installer from NLnet Labs and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Unbound silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id NLnetLabs.Unbound --exact 1.25.1 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Unbound?

Unbound uses EXE (NSIS). Run the downloaded installer with: unbound_setup_1.25.1.exe /S. The silent switches are /S.

How do I uninstall Unbound via winget?

Run: winget uninstall --id NLnetLabs.Unbound --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Unbound's Apps & Features entry.

Is Unbound free?

Unbound is distributed under BSD license. Refer to the publisher for the full license terms - Wingetly itself does not charge for installation.

Does Unbound work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Unbound directly from the publisher.

How do I keep Unbound up to date?

Run winget upgrade --id NLnetLabs.Unbound --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of Unbound from microsoft/winget-pkgs.

Recent versions

1.25.1latest
1.25.0
1.24.2
1.24.1
1.24.0
1.23.1
1.23.0
1.22.0
1.19.3
1.19.2