CVE-2026-1519

EUVD-2026-15406

25.03.2026, 14:16

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Debian Releases

Debian Product

Codename

bind9

bookworm	vulnerable
bookworm (security)	1:9.18.47-1~deb12u1 fixed
bullseye	vulnerable
bullseye (security)	1:9.16.50-1~deb11u5 fixed
forky	1:9.20.22-1 fixed
sid	1:9.20.22-1 fixed
trixie	vulnerable
trixie (security)	1:9.20.21-1~deb13u1 fixed

Ubuntu Releases

Ubuntu Product

Codename

bind9

bionic	needs-triage
focal	needs-triage
jammy	Fixed 1:9.18.39-0ubuntu0.22.04.3 released
noble	Fixed 1:9.18.39-0ubuntu0.24.04.3 released
questing	Fixed 1:9.20.11-1ubuntu2.2 released
resolute	not-affected
trusty	needs-triage
xenial	needs-triage

isc-dhcp

bionic	needs-triage
focal	not-affected
jammy	not-affected
noble	needs-triage
questing	needs-triage
resolute	needs-triage
trusty	not-affected
xenial	not-affected

bind9-libs

focal	needs-triage
jammy	needs-triage
noble	dne
questing	dne
resolute	dne

openSUSE / SLES Releases

openSUSE Product

Release

bind

suse enterprise sap 15 SP7	9.20.21-150700.3.18.1 fixed
suse enterprise server 12 SP5	9.11.22-3.68.1 fixed
suse enterprise server 15 SP4	9.16.50-150400.5.59.1 fixed
suse enterprise server 15 SP5	9.16.50-150500.8.35.1 fixed
suse enterprise server 15 SP6	9.18.33-150600.3.21.1 fixed
suse enterprise server 15 SP7	9.20.21-150700.3.18.1 fixed

bind-chrootenv

suse enterprise server 12 SP5

9.11.22-3.68.1

fixed

bind-devel

suse enterprise server 12 SP5

9.11.22-3.68.1

fixed

bind-doc

suse enterprise sap 15 SP7	9.20.21-150700.3.18.1 fixed
suse enterprise server 12 SP5	9.11.22-3.68.1 fixed
suse enterprise server 15 SP4	9.16.50-150400.5.59.1 fixed
suse enterprise server 15 SP5	9.16.50-150500.8.35.1 fixed
suse enterprise server 15 SP6	9.18.33-150600.3.21.1 fixed
suse enterprise server 15 SP7	9.20.21-150700.3.18.1 fixed

bind-utils

suse enterprise desktop 15 SP7	9.20.21-150700.3.18.1 fixed
suse enterprise sap 15 SP7	9.20.21-150700.3.18.1 fixed
suse enterprise server 12 SP5	9.11.22-3.68.1 fixed
suse enterprise server 15 SP4	9.16.50-150400.5.59.1 fixed
suse enterprise server 15 SP5	9.16.50-150500.8.35.1 fixed
suse enterprise server 15 SP6	9.18.33-150600.3.21.1 fixed
suse enterprise server 15 SP7	9.20.21-150700.3.18.1 fixed

libbind9-161

suse enterprise server 12 SP5

9.11.22-3.68.1

fixed

libdns1110

suse enterprise server 12 SP5

9.11.22-3.68.1

fixed

libdns1605

suse enterprise desktop 15 SP7	9.16.6-150300.22.56.1 fixed
suse enterprise sap 15 SP7	9.16.6-150300.22.56.1 fixed
suse enterprise server 15 SP6	9.16.6-150300.22.56.1 fixed
suse enterprise server 15 SP7	9.16.6-150300.22.56.1 fixed

libirs-devel

suse enterprise desktop 15 SP7	9.16.6-150300.22.56.1 fixed
suse enterprise sap 15 SP7	9.16.6-150300.22.56.1 fixed
suse enterprise server 15 SP6	9.16.6-150300.22.56.1 fixed
suse enterprise server 15 SP7	9.16.6-150300.22.56.1 fixed

libirs1601

suse enterprise desktop 15 SP7	9.16.6-150300.22.56.1 fixed
suse enterprise sap 15 SP7	9.16.6-150300.22.56.1 fixed
suse enterprise server 15 SP6	9.16.6-150300.22.56.1 fixed
suse enterprise server 15 SP7	9.16.6-150300.22.56.1 fixed

libirs161

suse enterprise server 12 SP5

9.11.22-3.68.1

fixed

libisc1107

suse enterprise server 12 SP5

9.11.22-3.68.1

fixed

libisc1107-32bit

suse enterprise server 12 SP5

9.11.22-3.68.1

fixed

libisc1606

suse enterprise desktop 15 SP7	9.16.6-150300.22.56.1 fixed
suse enterprise sap 15 SP7	9.16.6-150300.22.56.1 fixed
suse enterprise server 15 SP6	9.16.6-150300.22.56.1 fixed
suse enterprise server 15 SP7	9.16.6-150300.22.56.1 fixed

libisccc161

suse enterprise server 12 SP5

9.11.22-3.68.1

fixed

libisccfg1600

suse enterprise desktop 15 SP7	9.16.6-150300.22.56.1 fixed
suse enterprise sap 15 SP7	9.16.6-150300.22.56.1 fixed
suse enterprise server 15 SP6	9.16.6-150300.22.56.1 fixed
suse enterprise server 15 SP7	9.16.6-150300.22.56.1 fixed

libisccfg163

suse enterprise server 12 SP5

9.11.22-3.68.1

fixed

liblwres161

suse enterprise server 12 SP5

9.11.22-3.68.1

fixed

python-bind

suse enterprise server 12 SP5

9.11.22-3.68.1

fixed

python3-bind

suse enterprise server 15 SP4	9.16.50-150400.5.59.1 fixed
suse enterprise server 15 SP5	9.16.50-150500.8.35.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

bind

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed
RHEL 9	32:9.16.23-34.el9_7.2 fixed

bind-chroot

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed
RHEL 9	32:9.16.23-34.el9_7.2 fixed

bind-devel

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed
RHEL 9	32:9.16.23-34.el9_7.2 fixed

bind-dnssec-doc

RHEL 9

32:9.16.23-34.el9_7.2

fixed

bind-dnssec-utils

RHEL 9

32:9.16.23-34.el9_7.2

fixed

bind-doc

RHEL 9

32:9.16.23-34.el9_7.2

fixed

bind-export-devel

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed

bind-export-libs

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed

bind-libs

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed
RHEL 9	32:9.16.23-34.el9_7.2 fixed

bind-libs-lite

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed

bind-license

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed
RHEL 9	32:9.16.23-34.el9_7.2 fixed

bind-lite-devel

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed

bind-pkcs11

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed

bind-pkcs11-devel

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed

bind-pkcs11-libs

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed

bind-pkcs11-utils

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed

bind-sdb

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed

bind-sdb-chroot

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed

bind-utils

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed
RHEL 9	32:9.16.23-34.el9_7.2 fixed

bind9.16

RHEL 8

32:9.16.23-0.22.el8_10.5

fixed

bind9.16-chroot

RHEL 8

32:9.16.23-0.22.el8_10.5

fixed

bind9.16-devel

RHEL 8

32:9.16.23-0.22.el8_10.5

fixed

bind9.16-dnssec-utils

RHEL 8

32:9.16.23-0.22.el8_10.5

fixed

bind9.16-doc

RHEL 8

32:9.16.23-0.22.el8_10.5

fixed

bind9.16-libs

RHEL 8

32:9.16.23-0.22.el8_10.5

fixed

bind9.16-license

RHEL 8

32:9.16.23-0.22.el8_10.5

fixed

bind9.16-utils

RHEL 8

32:9.16.23-0.22.el8_10.5

fixed

bind9.18

RHEL 9

32:9.18.29-5.el9_7.4

fixed

bind9.18-chroot

RHEL 9

32:9.18.29-5.el9_7.4

fixed

bind9.18-devel

RHEL 9

32:9.18.29-5.el9_7.4

fixed

bind9.18-dnssec-utils

RHEL 9

32:9.18.29-5.el9_7.4

fixed

bind9.18-doc

RHEL 9

32:9.18.29-5.el9_7.4

fixed

bind9.18-libs

RHEL 9

32:9.18.29-5.el9_7.4

fixed

bind9.18-utils

RHEL 9

32:9.18.29-5.el9_7.4

fixed

python3-bind

RHEL 8	32:9.11.36-16.el8_10.7 fixed
RHEL 8.8 E4S	32:9.11.36-8.el8_8.9 fixed
RHEL 8.8 TUS	32:9.11.36-8.el8_8.9 fixed
RHEL 9	32:9.16.23-34.el9_7.2 fixed

python3-bind9.16

RHEL 8

32:9.16.23-0.22.el8_10.5

fixed

Common Weakness Enumeration

CWE-606 - Unchecked Input for Loop Condition
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.

Vulnerability Media Exposure

[GERMAN] Internet Systems Consortium BIND: Mehrere Schwachstellen
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuführen oder Sicherheitsmaßnahmen zu umgehen.
Published: 2026-03-25T23:00:00+00:00

References

https://downloads.isc.org/isc/bind9/9.18.47

https://downloads.isc.org/isc/bind9/9.20.21

https://downloads.isc.org/isc/bind9/9.21.20

https://kb.isc.org/docs/cve-2026-1519

https://lists.debian.org/debian-lts-announce/2026/04/msg00008.html