CVE-2026-3592
Published 2026-05-20
Priority P4 · 31 · medium · 5.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:L
EPSS: 0.41% (32.5th percentile)
BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources.
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| isc | bind | — | — |
| isc | bind | 9.11.0 – 9.16.50 | — |
| isc | bind | >= 9.18.0 < 9.18.49 | 9.18.49 |
| isc | bind | >= 9.20.0 < 9.20.23 | 9.20.23 |
| isc | bind | >= 9.21.0 < 9.21.22 | 9.21.22 |
| isc | bind_9 | 9.11.0 – 9.16.50 | — |
| isc | bind_9 | 9.11.3-S1 – 9.16.50-S1 | — |
| isc | bind_9 | 9.18.0 – 9.18.48 | — |
| isc | bind_9 | 9.18.11-S1 – 9.18.48-S1 | — |
| isc | bind_9 | 9.20.0 – 9.20.22 | — |
| isc | bind_9 | 9.20.9-S1 – 9.20.22-S1 | — |
| isc | bind_9 | 9.21.0 – 9.21.21 | — |
| isc | dhcp | — | — |
| ubuntu | bind9 | — | — |
CVSS provenance
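| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| vendor_ubuntu | — | 7.5 | HIGH | — |
| vendor_redhat | — | 5.3 | MEDIUM | — |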
Red Hat
bind: Amplification vulnerabilities via self-pointed glue records
vendor_redhat·2026-05-26·CVSS 5.3
CVE-2026-3592 [MEDIUM] CWE-770 bind: Amplification vulnerabilities via self-pointed glue records
A flaw was found in BIND resolvers. A remote attacker could exploit this vulnerability by sending a query to a specially crafted zone. This would cause the resolver to consume disproportionate resources, leading to a denial of service (DoS) due to resource exhaustion.
Statement: Moderate: This vulnerability in BIND resolvers allows for an amplified resource consumption attack. A specially crafted DNS zone can cause a Red Hat system acting as a resolver to consume excessive resources, potentially leading to a denial of service.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicabilit
Ubuntu
Bind vulnerabilities
vendor_ubuntu·2026-05-21·CVSS 7.5
CVE-2026-5950 [HIGH] Bind vulnerabilities
Title: Bind vulnerabilities
Summary: Several security issues were fixed in Bind.
Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API
TKEY negotiation. A remote attacker could possibly use this issue to cause
Bind to use excessive resources, leading to a denial of service.
(CVE-2026-3039)
Shuhan Zhang discovered that Bind incorrectly handled self-pointed glue
records. A remote attacker could possibly use this issue to use Bind in
denial of service amplification attacks against other systems.
(CVE-2026-3592)
Naresh Kandula Parmar discovered that Bind incorrectly handled memory in
the DNS-over-HTTPS implementation. A remote attacker could possibly use
this issue to cause Bind to crash, resulting in a denial of service, or
execute arbitrary code. This issue only affe
GHSA
GHSA-63mj-2fw3-4w3h: BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack
ghsa_unreviewed·2026-05-20
CVE-2026-3592 [MEDIUM] CWE-408 GHSA-63mj-2fw3-4w3h: BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-3592 bind: Amplification vulnerabilities via self-pointed glue records [fedora-all]
bugzilla·2026-06-29·CVSS 5.3
CVE-2026-3592 [MEDIUM] CVE-2026-3592 bind: Amplification vulnerabilities via self-pointed glue records [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-3592 dhcp: Amplification vulnerabilities via self-pointed glue records [fedora-all]
bugzilla·2026-06-29·CVSS 5.3
CVE-2026-3592 [MEDIUM] CVE-2026-3592 dhcp: Amplification vulnerabilities via self-pointed glue records [fedora-all]
Discussion:
ISC DHCP is not affected. It doesn't act as a DNS resolver. This is a BIND server-side issue.
ISC DHCP uses portions of the ISC BIND libraries (primarily libdns, omapi, and libisccfg) only to support DDNS (TSIG support, DNS message construction/parsing, DHCID ge
Bugzilla
CVE-2026-3592 bind: Amplification vulnerabilities via self-pointed glue records
bugzilla·2026-05-19·CVSS 5.3
CVE-2026-3592 [MEDIUM] CVE-2026-3592 bind: Amplification vulnerabilities via self-pointed glue records