CVE-2026-1519
Severity
7.5HIGH
EPSS
0.1%
top 74.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 25
Description
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages4 packages
🔴Vulnerability Details
5OSV▶
CVE-2026-1519: If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU↗2026-03-25
GHSA▶
GHSA-84m6-p53c-x4wp: If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU↗2026-03-25
OSV▶
CVE-2026-1519: If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU↗2026-03-25
CVEList
▶
📋Vendor Advisories
4Microsoft
▶
Debian▶
CVE-2026-1519: bind9 - If a BIND resolver is performing DNSSEC validation and encounters a maliciously ...↗2026
🕵️Threat Intelligence
1💬Community
1Bugzilla▶
CVE-2026-1519 bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone↗2026-03-25