Security Report: DNS query handling vulnerabilities in NextDNS resolver

Hi NextDNS team,

We are security researchers.

We have identified vulnerabilities in how the NextDNS resolver handles certain malformed DNS queries. These issues can lead to cache poisoning and covert channel attacks.

We sent a detailed report with full technical analysis and PoC to support@nextdns.io on February 15, 2026, but only received an automated reply. Could someone from the security team please follow up?

We are happy to provide any additional information needed.

Thank you.