Vulnerability-Lookup

WID-SEC-W-2026-1626

Vulnerability from csaf_certbund - Published: 2026-05-20 22:00 - Updated: 2026-06-11 22:00

Summary

Internet Systems Consortium BIND: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um eine Speicherbeschädigung auszulösen oder einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2026-3039

Affected products

Known affected 13 products

Product	Identifier	Version
Internet Systems Consortium BIND <9.18.49 Internet Systems Consortium / BIND		<9.18.49
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Infoblox NIOS Infoblox	`cpe:/o:infoblox:nios:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Internet Systems Consortium BIND <9.21.22 Internet Systems Consortium / BIND		<9.21.22
Internet Systems Consortium BIND <9.20.23 Internet Systems Consortium / BIND		<9.20.23
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2026-3592

Affected products

Known affected 13 products

Product	Identifier	Version
Internet Systems Consortium BIND <9.18.49 Internet Systems Consortium / BIND		<9.18.49
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Infoblox NIOS Infoblox	`cpe:/o:infoblox:nios:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Internet Systems Consortium BIND <9.21.22 Internet Systems Consortium / BIND		<9.21.22
Internet Systems Consortium BIND <9.20.23 Internet Systems Consortium / BIND		<9.20.23
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2026-5946

Affected products

Known affected 13 products

Product	Identifier	Version
Internet Systems Consortium BIND <9.18.49 Internet Systems Consortium / BIND		<9.18.49
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Infoblox NIOS Infoblox	`cpe:/o:infoblox:nios:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Internet Systems Consortium BIND <9.21.22 Internet Systems Consortium / BIND		<9.21.22
Internet Systems Consortium BIND <9.20.23 Internet Systems Consortium / BIND		<9.20.23
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2026-5950

Affected products

Known affected 13 products

Product	Identifier	Version
Internet Systems Consortium BIND <9.18.49 Internet Systems Consortium / BIND		<9.18.49
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Infoblox NIOS Infoblox	`cpe:/o:infoblox:nios:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Internet Systems Consortium BIND <9.21.22 Internet Systems Consortium / BIND		<9.21.22
Internet Systems Consortium BIND <9.20.23 Internet Systems Consortium / BIND		<9.20.23
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2026-3593

Affected products

Known affected 12 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Infoblox NIOS Infoblox	`cpe:/o:infoblox:nios:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Internet Systems Consortium BIND <9.21.22 Internet Systems Consortium / BIND		<9.21.22
Internet Systems Consortium BIND <9.20.23 Internet Systems Consortium / BIND		<9.20.23

CVE-2026-5947

Affected products

Known affected 12 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Infoblox NIOS Infoblox	`cpe:/o:infoblox:nios:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Internet Systems Consortium BIND <9.21.22 Internet Systems Consortium / BIND		<9.21.22
Internet Systems Consortium BIND <9.20.23 Internet Systems Consortium / BIND		<9.20.23

References

38 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://downloads.isc.org/isc/bind9/9.18.49/	external
https://downloads.isc.org/isc/bind9/9.20.23/	external
https://downloads.isc.org/isc/bind9/9.21.22/	external
https://kb.isc.org/docs/cve-2026-3039	external
https://kb.isc.org/docs/cve-2026-3592	external
https://kb.isc.org/docs/cve-2026-3593	external
https://kb.isc.org/docs/cve-2026-5946	external
https://kb.isc.org/docs/cve-2026-5947	external
https://kb.isc.org/docs/cve-2026-5950	external
https://support.infoblox.com/s/article/Infoblox-N…	external
https://lists.debian.org/debian-security-announce…	external
https://ubuntu.com/security/notices/USN-8293-1	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://access.redhat.com/errata/RHSA-2026:7412	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://access.redhat.com/errata/RHSA-2026:20334	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://lists.opensuse.org/archives/list/security…	external
https://linux.oracle.com/errata/ELSA-2026-23360.html	external
https://access.redhat.com/errata/RHSA-2026:23360	external
https://lists.opensuse.org/archives/list/security…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://errata.build.resf.org/RLSA-2026:23360	external
https://access.redhat.com/errata/RHSA-2026:24338	external
https://access.redhat.com/errata/RHSA-2026:24367	external
https://access.redhat.com/errata/RHSA-2026:24339	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3353.html	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3321.html	external
https://access.redhat.com/errata/RHSA-2026:24368	external
http://linux.oracle.com/errata/ELSA-2026-24339.html	external
https://errata.build.resf.org/RLSA-2026:24339	external
https://errata.build.resf.org/RLSA-2026:24368	external
https://errata.build.resf.org/RLSA-2026:24338	external
https://errata.build.resf.org/RLSA-2026:24367	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um eine Speicherbesch\u00e4digung auszul\u00f6sen oder einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1626 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1626.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1626 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1626"
      },
      {
        "category": "external",
        "summary": "Bind Version 9.18.49 vom 2026-05-20",
        "url": "https://downloads.isc.org/isc/bind9/9.18.49/"
      },
      {
        "category": "external",
        "summary": "Bind Version 9.20.23 vom 2026-05-20",
        "url": "https://downloads.isc.org/isc/bind9/9.20.23/"
      },
      {
        "category": "external",
        "summary": "Bind Version 9.21.22 vom 2026-05-20",
        "url": "https://downloads.isc.org/isc/bind9/9.21.22/"
      },
      {
        "category": "external",
        "summary": "ISC Vulnerability CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation vom 2026-05-20",
        "url": "https://kb.isc.org/docs/cve-2026-3039"
      },
      {
        "category": "external",
        "summary": "ISC Vulnerability CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records vom 2026-05-20",
        "url": "https://kb.isc.org/docs/cve-2026-3592"
      },
      {
        "category": "external",
        "summary": "ISC Vulnerability CVE-2026-3593: Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation vom 2026-05-20",
        "url": "https://kb.isc.org/docs/cve-2026-3593"
      },
      {
        "category": "external",
        "summary": "ISC Vulnerability CVE-2026-5946: Invalid handling of CLASS != IN vom 2026-05-20",
        "url": "https://kb.isc.org/docs/cve-2026-5946"
      },
      {
        "category": "external",
        "summary": "ISC Vulnerability CVE-2026-5947: SIG(0) validation during query flood may lead to undefined behavior vom 2026-05-20",
        "url": "https://kb.isc.org/docs/cve-2026-5947"
      },
      {
        "category": "external",
        "summary": "ISC Vulnerability CVE-2026-5950: Unbounded resend loop in BIND 9 resolver vom 2026-05-20",
        "url": "https://kb.isc.org/docs/cve-2026-5950"
      },
      {
        "category": "external",
        "summary": "Infoblox Advisory 5950 vom 2026-05-21",
        "url": "https://support.infoblox.com/s/article/Infoblox-NIOS-is-vulnerable-to-BIND-CVEs-000011898"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6285 vom 2026-05-21",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00196.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8293-1 vom 2026-05-21",
        "url": "https://ubuntu.com/security/notices/USN-8293-1"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-411248C8D9 vom 2026-05-21",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-411248c8d9"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:7412 vom 2026-05-21",
        "url": "https://access.redhat.com/errata/RHSA-2026:7412"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-B626E83A45 vom 2026-05-21",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-b626e83a45"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:20334 vom 2026-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2026:20334"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-F3E466EA26 vom 2026-05-25",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-f3e466ea26"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10874-1 vom 2026-05-29",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZBFTOKBLT6N2MLN2HMBY53GPPUNLRZIN/"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-23360 vom 2026-06-05",
        "url": "https://linux.oracle.com/errata/ELSA-2026-23360.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:23360 vom 2026-06-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:23360"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10915-1 vom 2026-06-03",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QLTNAB7LWVOD4ZHQ2PI6W4ZTHKKIVEH2/"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-DBB0776AC5 vom 2026-06-05",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-dbb0776ac5"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-EC095A4675 vom 2026-06-05",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-ec095a4675"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2289-1 vom 2026-06-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026596.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:23360 vom 2026-06-06",
        "url": "https://errata.build.resf.org/RLSA-2026:23360"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:24338 vom 2026-06-08",
        "url": "https://access.redhat.com/errata/RHSA-2026:24338"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:24367 vom 2026-06-08",
        "url": "https://access.redhat.com/errata/RHSA-2026:24367"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:24339 vom 2026-06-08",
        "url": "https://access.redhat.com/errata/RHSA-2026:24339"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3353 vom 2026-06-09",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3353.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3321 vom 2026-06-09",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3321.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:24368 vom 2026-06-08",
        "url": "https://access.redhat.com/errata/RHSA-2026:24368"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-24339 vom 2026-06-08",
        "url": "http://linux.oracle.com/errata/ELSA-2026-24339.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:24339 vom 2026-06-11",
        "url": "https://errata.build.resf.org/RLSA-2026:24339"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:24368 vom 2026-06-11",
        "url": "https://errata.build.resf.org/RLSA-2026:24368"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:24338 vom 2026-06-11",
        "url": "https://errata.build.resf.org/RLSA-2026:24338"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:24367 vom 2026-06-11",
        "url": "https://errata.build.resf.org/RLSA-2026:24367"
      }
    ],
    "source_lang": "en-US",
    "title": "Internet Systems Consortium BIND: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-11T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-12T07:38:13.709+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1626",
      "initial_release_date": "2026-05-20T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-20T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-21T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu, Fedora und Red Hat aufgenommen"
        },
        {
          "date": "2026-05-25T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2026-05-31T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-06-04T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux, Red Hat und openSUSE aufgenommen"
        },
        {
          "date": "2026-06-07T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Fedora, SUSE, Rocky Enterprise Software Foundation und Red Hat aufgenommen"
        },
        {
          "date": "2026-06-08T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Amazon, Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-06-10T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-06-11T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Infoblox NIOS",
            "product": {
              "name": "Infoblox NIOS",
              "product_id": "T014068",
              "product_identification_helper": {
                "cpe": "cpe:/o:infoblox:nios:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Infoblox"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.18.49",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.18.49",
                  "product_id": "T054453"
                }
              },
              {
                "category": "product_version",
                "name": "9.18.49",
                "product": {
                  "name": "Internet Systems Consortium BIND 9.18.49",
                  "product_id": "T054453-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:isc:bind:9.18.49"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.20.23",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.20.23",
                  "product_id": "T054454"
                }
              },
              {
                "category": "product_version",
                "name": "9.20.23",
                "product": {
                  "name": "Internet Systems Consortium BIND 9.20.23",
                  "product_id": "T054454-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:isc:bind:9.20.23"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.21.22",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.21.22",
                  "product_id": "T054455"
                }
              },
              {
                "category": "product_version",
                "name": "9.21.22",
                "product": {
                  "name": "Internet Systems Consortium BIND 9.21.22",
                  "product_id": "T054455-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:isc:bind:9.21.22"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BIND"
          }
        ],
        "category": "vendor",
        "name": "Internet Systems Consortium"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-3039",
      "product_status": {
        "known_affected": [
          "T054453",
          "67646",
          "T004914",
          "T014068",
          "T032255",
          "74185",
          "T054455",
          "T054454",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "398363"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2026-3039"
    },
    {
      "cve": "CVE-2026-3592",
      "product_status": {
        "known_affected": [
          "T054453",
          "67646",
          "T004914",
          "T014068",
          "T032255",
          "74185",
          "T054455",
          "T054454",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "398363"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2026-3592"
    },
    {
      "cve": "CVE-2026-5946",
      "product_status": {
        "known_affected": [
          "T054453",
          "67646",
          "T004914",
          "T014068",
          "T032255",
          "74185",
          "T054455",
          "T054454",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "398363"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2026-5946"
    },
    {
      "cve": "CVE-2026-5950",
      "product_status": {
        "known_affected": [
          "T054453",
          "67646",
          "T004914",
          "T014068",
          "T032255",
          "74185",
          "T054455",
          "T054454",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "398363"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2026-5950"
    },
    {
      "cve": "CVE-2026-3593",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T014068",
          "T032255",
          "74185",
          "T054455",
          "T054454"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2026-3593"
    },
    {
      "cve": "CVE-2026-5947",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T014068",
          "T032255",
          "74185",
          "T054455",
          "T054454"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2026-5947"
    }
  ]
}

CVE-2026-3039 (GCVE-0-2026-3039)

Vulnerability from cvelistv5 – Published: 2026-05-20 13:09 – Updated: 2026-05-20 13:43

Title

BIND 9 server memory exhaustion during GSS-API TKEY negotiation

Summary

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments. This issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-771 - Missing Reference to Active Allocated Resource

Assigner

isc

References

4 references

URL	Tags
https://kb.isc.org/docs/cve-2026-3039	vendor-advisory
https://downloads.isc.org/isc/bind9/9.18.49	patch
https://downloads.isc.org/isc/bind9/9.20.23	patch
https://downloads.isc.org/isc/bind9/9.21.22	patch

Impacted products

1 product

Vendor	Product	Version
ISC	BIND 9	Affected: 9.0.0 , ≤ 9.16.50 (custom) Affected: 9.18.0 , ≤ 9.18.48 (custom) Affected: 9.20.0 , ≤ 9.20.22 (custom) Affected: 9.21.0 , ≤ 9.21.21 (custom) Affected: 9.9.3-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.48-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.22-S1 (custom)

Date Public

2026-05-20 00:00

Credits

ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3039",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T13:42:49.621351Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T13:43:00.275Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.16.50",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.48",
              "status": "affected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.22",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.21",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.16.50-S1",
              "status": "affected",
              "version": "9.9.3-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.48-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.22-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.16.50",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.48",
                  "versionStartIncluding": "9.18.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.22",
                  "versionStartIncluding": "9.20.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.21.21",
                  "versionStartIncluding": "9.21.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.16.50-S1",
                  "versionStartIncluding": "9.9.3-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.48-S1",
                  "versionStartIncluding": "9.18.11-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.22-S1",
                  "versionStartIncluding": "9.20.9-S1",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2026-05-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets.  Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker can construct and send packets to a BIND server that will cause it to allocate memory that is not subsequently released.  Depending on the volume and frequency of the packets received, named will eventually fail due to memory exhaustion."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-771",
              "description": "CWE-771 Missing Reference to Active Allocated Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T13:09:04.126Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2026-3039",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2026-3039"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.18.49"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.20.23"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.21.22"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.49, 9.20.23, 9.21.22, 9.18.49-S1, or 9.20.23-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "BIND 9 server memory exhaustion during GSS-API TKEY negotiation",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2026-3039",
    "datePublished": "2026-05-20T13:09:04.126Z",
    "dateReserved": "2026-02-23T16:28:45.411Z",
    "dateUpdated": "2026-05-20T13:43:00.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3592 (GCVE-0-2026-3592)

Vulnerability from cvelistv5 – Published: 2026-05-20 13:09 – Updated: 2026-05-20 13:42

Title

Amplification vulnerabilities via self-pointed glue records

Summary

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-408 - Incorrect Behavior Order - Early Amplification

Assigner

isc

References

4 references

URL	Tags
https://kb.isc.org/docs/cve-2026-3592	vendor-advisory
https://downloads.isc.org/isc/bind9/9.18.49	patch
https://downloads.isc.org/isc/bind9/9.20.23	patch
https://downloads.isc.org/isc/bind9/9.21.22	patch

Impacted products

1 product

Vendor	Product	Version
ISC	BIND 9	Affected: 9.11.0 , ≤ 9.16.50 (custom) Affected: 9.18.0 , ≤ 9.18.48 (custom) Affected: 9.20.0 , ≤ 9.20.22 (custom) Affected: 9.21.0 , ≤ 9.21.21 (custom) Affected: 9.11.3-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.48-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.22-S1 (custom)

Date Public

2026-05-20 00:00

Credits

ISC would like to thank Shuhan Zhang from Tsinghua University for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3592",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T13:42:13.661954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T13:42:21.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.16.50",
              "status": "affected",
              "version": "9.11.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.48",
              "status": "affected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.22",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.21",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.16.50-S1",
              "status": "affected",
              "version": "9.11.3-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.48-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.22-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.16.50",
                  "versionStartIncluding": "9.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.48",
                  "versionStartIncluding": "9.18.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.22",
                  "versionStartIncluding": "9.20.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.21.21",
                  "versionStartIncluding": "9.21.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.16.50-S1",
                  "versionStartIncluding": "9.11.3-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.48-S1",
                  "versionStartIncluding": "9.18.11-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.22-S1",
                  "versionStartIncluding": "9.20.9-S1",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Shuhan Zhang from Tsinghua University for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2026-05-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack.  If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker may be able to cause the resolver to consume disproportionate amounts of bandwidth in the attempt to resolve the name.  Impairment of TCP may also be seen.\nThe issue predominately affects recursive resolvers.  Authoritative-only servers containing only trustworthy zones and names should be unaffected.  If an authoritative server can be induced to look up an attack domain (e.g., if loading a zone from an untrusted source), it may be possible to trigger the issue."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-408",
              "description": "CWE-408 Incorrect Behavior Order - Early Amplification",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T13:09:21.547Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2026-3592",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2026-3592"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.18.49"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.20.23"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.21.22"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.49, 9.20.23, 9.21.22, 9.18.49-S1, or 9.20.23-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Amplification vulnerabilities via self-pointed glue records",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2026-3592",
    "datePublished": "2026-05-20T13:09:21.547Z",
    "dateReserved": "2026-03-05T12:53:33.956Z",
    "dateUpdated": "2026-05-20T13:42:21.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3593 (GCVE-0-2026-3593)

Vulnerability from cvelistv5 – Published: 2026-05-20 13:09 – Updated: 2026-05-20 13:40

Title

Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

Summary

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected.

Severity

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use After Free

Assigner

isc

References

3 references

URL	Tags
https://kb.isc.org/docs/cve-2026-3593	vendor-advisory
https://downloads.isc.org/isc/bind9/9.20.23	patch
https://downloads.isc.org/isc/bind9/9.21.22	patch

Impacted products

1 product

Vendor	Product	Version
ISC	BIND 9	Affected: 9.20.0 , ≤ 9.20.22 (custom) Affected: 9.21.0 , ≤ 9.21.21 (custom) Affected: 9.20.9-S1 , ≤ 9.20.22-S1 (custom) Unaffected: 9.18.0 , ≤ 9.18.48 (custom) Unaffected: 9.18.11-S1 , ≤ 9.18.48-S1 (custom)

Date Public

2026-05-20 00:00

Credits

ISC would like to thank Naresh Kandula Parmar (Nottiboy) for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T13:40:34.896109Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T13:40:45.166Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.20.22",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.21",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.22-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.48",
              "status": "unaffected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.48-S1",
              "status": "unaffected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.22",
                  "versionStartIncluding": "9.20.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.21.21",
                  "versionStartIncluding": "9.21.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.22-S1",
                  "versionStartIncluding": "9.20.9-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.48",
                  "versionStartIncluding": "9.18.0",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.48-S1",
                  "versionStartIncluding": "9.18.11-S1",
                  "vulnerable": false
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Naresh Kandula Parmar (Nottiboy) for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2026-05-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.\nBIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Crafted HTTP/2 traffic sent to a DNS-over-HTTPS endpoint can be used to trigger memory corruption."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T13:09:47.178Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2026-3593",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2026-3593"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.20.23"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.21.22"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.23, 9.21.22, or 9.20.23-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Configurations not using DNS-over-HTTPS should not be affected.  Disabling DNS-over-HTTPS is likewise an effective workaround."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2026-3593",
    "datePublished": "2026-05-20T13:09:47.178Z",
    "dateReserved": "2026-03-05T12:57:16.981Z",
    "dateUpdated": "2026-05-20T13:40:45.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5946 (GCVE-0-2026-5946)

Vulnerability from cvelistv5 – Published: 2026-05-20 13:10 – Updated: 2026-05-20 13:40

Title

Invalid handling of CLASS != IN

Summary

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation
CWE-125 - Out-of-bounds Read
CWE-617 - Reachable Assertion
CWE-754 - Improper Check for Unusual or Exceptional Conditions
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Assigner

isc

References

4 references

URL	Tags
https://kb.isc.org/docs/cve-2026-5946	vendor-advisory
https://downloads.isc.org/isc/bind9/9.18.49	patch
https://downloads.isc.org/isc/bind9/9.20.23	patch
https://downloads.isc.org/isc/bind9/9.21.22	patch

Impacted products

1 product

Vendor	Product	Version
ISC	BIND 9	Affected: 9.11.0 , ≤ 9.16.50 (custom) Affected: 9.18.0 , ≤ 9.18.48 (custom) Affected: 9.20.0 , ≤ 9.20.22 (custom) Affected: 9.21.0 , ≤ 9.21.21 (custom) Affected: 9.11.3-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.48-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.22-S1 (custom)

Date Public

2026-05-20 00:00

Credits

ISC would like to thank Mcsky23 for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5946",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T13:40:04.619504Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T13:40:20.966Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.16.50",
              "status": "affected",
              "version": "9.11.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.48",
              "status": "affected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.22",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.21",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.16.50-S1",
              "status": "affected",
              "version": "9.11.3-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.48-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.22-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.16.50",
                  "versionStartIncluding": "9.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.48",
                  "versionStartIncluding": "9.18.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.22",
                  "versionStartIncluding": "9.20.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.21.21",
                  "versionStartIncluding": "9.21.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.16.50-S1",
                  "versionStartIncluding": "9.11.3-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.48-S1",
                  "versionStartIncluding": "9.18.11-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.22-S1",
                  "versionStartIncluding": "9.20.9-S1",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Mcsky23 for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2026-05-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) \u2014 for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths \u2014 recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data \u2014 can cause assertion failures in `named`.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker able to send specially crafted DNS messages to an affected `named` instance can cause it to terminate unexpectedly, resulting in a denial of service."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-617",
              "description": "CWE-617 Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-843",
              "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T13:10:03.479Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2026-5946",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2026-5946"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.18.49"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.20.23"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.21.22"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.49, 9.20.23, 9.21.22, 9.18.49-S1, or 9.20.23-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Invalid handling of CLASS != IN",
      "workarounds": [
        {
          "lang": "en",
          "value": "Don\u0027t configure zones other than Internet (`IN`) class. Furthermore, do not expose the server that allows DNS Dynamic Update to the general Internet."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2026-5946",
    "datePublished": "2026-05-20T13:10:03.479Z",
    "dateReserved": "2026-04-09T06:40:07.319Z",
    "dateUpdated": "2026-05-20T13:40:20.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5947 (GCVE-0-2026-5947)

Vulnerability from cvelistv5 – Published: 2026-05-20 13:10 – Updated: 2026-05-20 13:39

Title

SIG(0) validation during query flood may lead to undefined behavior

Summary

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-416 - Use After Free

Assigner

isc

References

3 references

URL	Tags
https://kb.isc.org/docs/cve-2026-5947	vendor-advisory
https://downloads.isc.org/isc/bind9/9.20.23	patch
https://downloads.isc.org/isc/bind9/9.21.22	patch

Impacted products

1 product

Vendor	Product	Version
ISC	BIND 9	Affected: 9.20.0 , ≤ 9.20.22 (custom) Affected: 9.21.0 , ≤ 9.21.21 (custom) Affected: 9.20.9-S1 , ≤ 9.20.22-S1 (custom) Unaffected: 9.18.28 , ≤ 9.18.49 (custom) Unaffected: 9.18.28-S1 , ≤ 9.18.49-S1 (custom)

Date Public

2026-05-20 00:00

Credits

ISC would like to thank Naoki Wakamatsu for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5947",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T13:39:15.454199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T13:39:38.654Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.20.22",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.21",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.22-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.49",
              "status": "unaffected",
              "version": "9.18.28",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.49-S1",
              "status": "unaffected",
              "version": "9.18.28-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.22",
                  "versionStartIncluding": "9.20.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.21.21",
                  "versionStartIncluding": "9.21.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.22-S1",
                  "versionStartIncluding": "9.20.9-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.49",
                  "versionStartIncluding": "9.18.28",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.49-S1",
                  "versionStartIncluding": "9.18.28-S1",
                  "vulnerable": false
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Naoki Wakamatsu for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2026-05-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Undefined behavior may result due to a race condition leading to a use-after-free violation.  If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature.  If, during that validation, the \"recursive-clients\" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.\nBIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "The use of memory after it is freed is undefined (\"dangling pointer\").  The BIND process may abort with a segmentation violation or similar error.  If memory from the discarded message has not been reused or reclaimed, the validation might proceed normally.  Any kind of code execution from such an improper data read is unlikely."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T13:10:11.873Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2026-5947",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2026-5947"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.20.23"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.21.22"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.23, 9.21.22, or 9.20.23-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SIG(0) validation during query flood may lead to undefined behavior",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2026-5947",
    "datePublished": "2026-05-20T13:10:11.873Z",
    "dateReserved": "2026-04-09T06:40:58.672Z",
    "dateUpdated": "2026-05-20T13:39:38.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5950 (GCVE-0-2026-5950)

Vulnerability from cvelistv5 – Published: 2026-05-20 13:10 – Updated: 2026-05-20 13:38

Title

Unbounded resend loop in BIND 9 resolver

Summary

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 through 9.18.48, 9.20.8 through 9.20.22, 9.21.7 through 9.21.21, 9.18.36-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-606 - Unchecked Input for Loop Condition

Assigner

isc

References

4 references

URL	Tags
https://kb.isc.org/docs/cve-2026-5950	vendor-advisory
https://downloads.isc.org/isc/bind9/9.18.49	patch
https://downloads.isc.org/isc/bind9/9.20.23	patch
https://downloads.isc.org/isc/bind9/9.21.22	patch

Impacted products

1 product

Vendor	Product	Version
ISC	BIND 9	Affected: 9.18.36 , ≤ 9.18.48 (custom) Affected: 9.20.8 , ≤ 9.20.22 (custom) Affected: 9.21.7 , ≤ 9.21.21 (custom) Affected: 9.18.36-S1 , ≤ 9.18.48-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.22-S1 (custom)

Date Public

2026-05-20 00:00

Credits

ISC would like to thank Billy Baraja (BielraX) for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T13:38:40.421994Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T13:38:53.211Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.18.48",
              "status": "affected",
              "version": "9.18.36",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.22",
              "status": "affected",
              "version": "9.20.8",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.21",
              "status": "affected",
              "version": "9.21.7",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.48-S1",
              "status": "affected",
              "version": "9.18.36-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.22-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.48",
                  "versionStartIncluding": "9.18.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.22",
                  "versionStartIncluding": "9.20.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.21.21",
                  "versionStartIncluding": "9.21.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.48-S1",
                  "versionStartIncluding": "9.18.36-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.22-S1",
                  "versionStartIncluding": "9.20.9-S1",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Billy Baraja (BielraX) for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2026-05-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions.\nThis issue affects BIND 9 versions 9.18.36 through 9.18.48, 9.20.8 through 9.20.22, 9.21.7 through 9.21.21, 9.18.36-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Severe resource exhaustion."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-606",
              "description": "CWE-606 Unchecked Input for Loop Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T13:10:19.989Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2026-5950",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2026-5950"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.18.49"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.20.23"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.21.22"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.49, 9.20.23, 9.21.22, 9.18.49-S1, or 9.20.23-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Unbounded resend loop in BIND 9 resolver",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2026-5950",
    "datePublished": "2026-05-20T13:10:19.989Z",
    "dateReserved": "2026-04-09T06:42:23.953Z",
    "dateUpdated": "2026-05-20T13:38:53.211Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1626

CVE-2026-3039 (GCVE-0-2026-3039)

CVE-2026-3592 (GCVE-0-2026-3592)

CVE-2026-3593 (GCVE-0-2026-3593)

CVE-2026-5946 (GCVE-0-2026-5946)

CVE-2026-5947 (GCVE-0-2026-5947)

CVE-2026-5950 (GCVE-0-2026-5950)

Tags

Sightings

Nomenclature