Internet Systems Consortium released BIND 9 updates to fix four vulnerabilities, including two high-severity flaws that can cause memory leaks or high CPU usage in resolvers during DNSSEC processing. Patches are available for BIND 9.18.47, 9.20.21, and 9.21.20, and ISC reports no known in-the-wild exploitation. #BIND #CVE-2026-3104
Keypoints
- ISC released updates for BIND 9 to address four vulnerabilities, two rated high severity.
- CVE-2026-3104 is a memory leak in DNSSEC non-existence proof handling that can exhaust resolver memory and cause crashes.
- CVE-2026-1519 can trigger high CPU use during DNSSEC validation of crafted zones, reducing query handling capacity.
- Two medium-severity bugs include CVE-2026-3119 (TKEY-related termination) and CVE-2026-3591 (SIG(0) use-after-return leading to ACL bypass).
- Patches are included in versions 9.18.47, 9.20.21, 9.21.20 (and corresponding S1 previews), and ISC is unaware of active exploitation.
Read More: https://www.securityweek.com/bind-updates-patch-high-severity-vulnerabilities-2/