In [Turris OS 9.0.5](https://gitlab.nic.cz/turris/os/packages/-/blob/v9.0.5/net/unbound/Makefile#L11) and earlier, the ``unbound`` **package hasn't been updated in over two years**, which poses a significant risk to Turris users relying on it. For comparison, OpenWrt 24.10 already includes unbound version 1.24.2. Consequently, the current version (1.19.3) in Turris OS is vulnerable to several known exploits: - DNSBomb - CVE-2024-33655 - CVE-2024-8508 - Rebirthday Attack CVE-2025-5994 - CVE-2025-11411 - CVE-2025-11411 Although Knot Resolver is the default primary DNS resolver, users have the option to switch, meaning unbound could still be actively used by a large portion of the user base. It is unfortunate that the update proposed in https://gitlab.nic.cz/turris/os/packages/-/merge_requests/1304 seems to be stalled.