Zero Day Monitor (ZDM)
7.5
CVE-2026-5946 · EXPLOITED · PATCHED
isc · bind

Invalid handling of CLASS != IN

Description

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

Affected Products

| Vendor | Product | Versions |
|--------|---------|----------|
| isc | bind | 9.11.0, 9.18.0, 9.20.0, 9.21.0, 9.11.3-S1, 9.18.11-S1, 9.20.9-S1 |

Also Affects

Downstream vendors/products affected by this vulnerability

| Vendor | Product | Source | Confidence |
|--------|---------|--------|------------|
| internet systems consortium | bind | cert_advisory | 90% |

References

  • https://kb.isc.org/docs/cve-2026-5946 (vendor-advisory)
  • https://downloads.isc.org/isc/bind9/9.18.49 (patch)
  • https://downloads.isc.org/isc/bind9/9.20.23 (patch)
  • https://downloads.isc.org/isc/bind9/9.21.22 (patch)

Related News (6 articles)

  • Tier A · Microsoft MSRC · 3d ago
    CVE-2026-5946 Invalid handling of CLASS != IN
    → No new info (linked only)
  • Tier B · BSI Advisories · 5d ago
    [NEW] [medium] Internet Systems Consortium BIND: Multiple vulnerabilities
    → No new info (linked only)
  • Tier B · CERT-FR · 5d ago
    Multiple vulnerabilities in ISC BIND (May 21, 2026)
    → No new info (linked only)
  • Tier B · CCCS Canada · 6d ago
    ISC BIND security advisory (AV26-490)
    → No new info (linked only)
  • Tier C · oss-security · 6d ago
    ISC has disclosed six vulnerabilities in BIND 9 (CVE-2026-3039, CVE-2026-3592, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, CVE-2026-5950)
    → No new info (linked only)
  • Tier C · VulDB · 6d ago
    CVE-2026-5946 | ISC BIND up to 9.21.21 named recursion
    → No new info (linked only)
CVSS 3.1: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available:
  • https://kb.isc.org/docs/cve-2026-5946
  • https://downloads.isc.org/isc/bind9/9.18.49
  • https://downloads.isc.org/isc/bind9/9.20.23
CWE: CWE-20, CWE-125, CWE-617, CWE-754, CWE-843
Published: May 20, 2026
Last enriched: 6d ago (v2)
Trending Score: 50
Source articles: 6
Independent: 6
Info Completeness: 10/14
Missing: epss, kev, iocs, mitre_attack

Related CVEs (5)

  • HIGH · CVE-2026-1519
    Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
    Trending: 53
  • HIGH · CVE-2026-5947 · EXP
    SIG(0) validation during query flood may lead to undefined behavior
    Trending: 47
  • MEDIUM · CVE-2026-3592 · EXP
    Amplification vulnerabilities via self-pointed glue records
    Trending: 45
  • MEDIUM · CVE-2026-5950 · EXP
    Unbounded resend loop in BIND 9 resolver
    Trending: 45
  • HIGH · CVE-2026-3039 · EXP
    BIND 9 server memory exhaustion during GSS-API TKEY negotiation
    Trending: 45

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: May 20, 2026
  • Discovered by ZDM: May 20, 2026
  • Actively Exploited: May 20, 2026
  • Exploit Available: May 20, 2026
  • Patch Available: May 20, 2026
  • Updated (exploitAvailable, activelyExploited): May 20, 2026

Version History

v2 · Last enriched 6d ago

v2 · Tier B · 6d ago
Updated exploit availability to true, marked as actively exploited, and set patch available to null.
exploitAvailable, activelyExploited · via CCCS Canada

v1 · 6d ago
Initial creation