CVE-2026-1519
Published Mar 25, 2026
Last updated 17 days ago
CVSS high 7.5
Dns
Tunneling protocol
Port (53)
- Description
- If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.
- Source
- security-officer@isc.org
- NVD status
- Analyzed
- Products
- bind
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security-officer@isc.org
- CWE-606
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"matchCriteriaId": "9EC5B9B1-25F2-48CA-9E8A-59D8E81D408A",
"versionEndIncluding": "9.16.50",
"versionStartIncluding": "9.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"matchCriteriaId": "4DC8EC77-8200-45EC-B006-73E48A67A1B8",
"versionEndExcluding": "9.18.47",
"versionStartIncluding": "9.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"matchCriteriaId": "2C0EF5D0-68A6-4E00-985B-523D9B243E49",
"versionEndExcluding": "9.20.21",
"versionStartIncluding": "9.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"matchCriteriaId": "B1DD0950-5CBD-49B2-8007-5E96B3C4FB1B",
"versionEndExcluding": "9.21.20",
"versionStartIncluding": "9.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]