anonhaven
Ad

CVE-2026-1519

HIGH CVSS 3.1: 7.5 EPSS 0.07%
Updated Mar 25, 2026
Bind
Parameter Value
CVSS 7.5 (HIGH)
Affected Versions 9.11.0 — 9.16.50
Type CWE-606
Vendor Bind
Public PoC No

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-606

References 4

https://downloads.isc.org/isc/bind9/9.18.47
security-officer@isc.org
https://downloads.isc.org/isc/bind9/9.20.21
security-officer@isc.org
https://downloads.isc.org/isc/bind9/9.21.20
security-officer@isc.org
https://kb.isc.org/docs/cve-2026-1519
security-officer@isc.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-32978

Bind

9.4

CVE-2026-33619

Bind

4.1

CVE-2019-25650

Bind

8.6

CVE-2026-3591

Bind

5.4

CVE-2026-3119

Bind

6.5