CVE-2026-3591

CWE-305CWE-562CWE-82510 documents9 sources
Severity
5.4MEDIUM
EPSS
0.0%
top 95.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ISC Bind 9
Timeline
PublishedMar 25

Description

A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.1

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

Alpinebind< 9.20.21-r0+1
Debianbind9< 1:9.20.21-1~deb13u1+1
CVEListV5isc/bind_99.20.09.20.20+2

🔴Vulnerability Details

4
OSV
CVE-2026-3591: A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0)2026-03-25
GHSA
GHSA-5fv2-2p94-9gh7: A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0)2026-03-25
OSV
CVE-2026-3591: A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0)2026-03-25
CVEList
A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass2026-03-25

📋Vendor Advisories

4
Red Hat
bind: BIND: Unauthorized access due to use-after-return vulnerability in DNS query handling2026-03-25
Ubuntu
Bind vulnerabilities2026-03-25
Microsoft
A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass2026-03-10
Debian
CVE-2026-3591: bind9 - A use-after-return vulnerability exists in the `named` server when handling DNS ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-3591 Impact, Exploitability, and Mitigation Steps | Wiz