If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although ther

Description

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.

Affected Products

Vendor	Product	Versions
ISC	BIND	CVE-2026-1519, CVE-2026-3104, CVE-2026-3119, CVE-2026-3591

References

Related News (2 articles)

Tier B

CERT-FR1d ago

Multiples vulnérabilités dans ISC BIND (26 mars 2026)

→ No new info (linked only)

Tier C

oss-security1d ago

ISC has disclosed four vulnerabilities in BIND 9 (CVE-2026-1519, CVE-2026-3104, CVE-2026-3119, CVE-2026-3591)

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-606

Published3/25/2026

Last enriched1h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Version History

Last enriched 1h ago

v2Tier B1h ago

Added vendor ISC, product BIND, and new CVE IDs with exploit availability and active exploitation status.

vendorproductaffectedVersionstags

via CERT-FR

v12h ago

Initial creation

Description

Vendor

Product

Versions

ISC

BIND

CVE-2026-1519, CVE-2026-3104, CVE-2026-3119, CVE-2026-3591