CVE-2026-3593
Published 2026-05-20
Priority P261 · critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.84% (76.4th percentile)
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| isc | bind | — | — |
| isc | bind | >= 9.20.0 < 9.20.23 | 9.20.23 |
| isc | bind | >= 9.21.0 < 9.21.22 | 9.21.22 |
| isc | bind_9 | 9.20.0 – 9.20.22 | — |
| isc | bind_9 | 9.20.9-S1 – 9.20.22-S1 | — |
| isc | bind_9 | 9.21.0 – 9.21.21 | — |
| isc | dhcp | — | — |
| ubuntu | bind9 | — | — |
Detection & IOCs (extracted from sources)
- Scope monitoring to DNS-over-HTTPS (DoH) endpoints running BIND 9 versions 9.20.0–9.20.22, 9.21.0–9.21.21, or 9.20.9-S1–9.20.22-S1; watch for crafted HTTP/2 traffic that triggers memory corruption (use-after-free) on these endpoints.
- Alert on anomalous or malformed HTTP/2 request patterns directed at DoH listener ports on BIND 9 instances; memory corruption symptoms (crashes, unexpected restarts of named) may indicate exploitation attempts.
- BIND 9 versions 9.18.0–9.18.48 and 9.18.11-S1–9.18.48-S1 are explicitly NOT affected; scope detection and patching efforts only to the vulnerable version ranges (9.20.0–9.20.22, 9.21.0–9.21.21, 9.20.9-S1–9.20.22-S1).
- No vendor-provided mitigation is available; the only remediation path is patching, so do not rely on configuration-level workarounds.
- The vulnerability is exploitable remotely with no authentication required; any BIND instance with a publicly reachable DoH endpoint should be treated as high priority for patching.
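An added triage helper (not part of the advisory or of ISC's code) that checks a `named -v` style banner against the affected ranges listed above, keeping the -S1 subscription editions separate and treating the 9.18 branch and the fixed 9.20.23/9.21.22 releases as out of scope; the hostnames and banners in the sample inventory are constructed.

```python
import re

# Affected ranges for CVE-2026-3593, copied from the advisory above, as
# (lowest affected, highest affected, is -S1 subscription edition).
AFFECTED_RANGES = [
    ((9, 20, 0), (9, 20, 22), False),   # 9.20.0 through 9.20.22
    ((9, 21, 0), (9, 21, 21), False),   # 9.21.0 through 9.21.21
    ((9, 20, 9), (9, 20, 22), True),    # 9.20.9-S1 through 9.20.22-S1
]

# Version token in 'named -v' output, e.g. 'BIND 9.20.10-S1 (Stable Release)'.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(-S1)?\b")

def parse_bind_version(text):
    """Return (major, minor, patch, is_subscription) for the first BIND
    version in `text`, or None when no version token is present."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4) is not None

def is_affected(text):
    """True when the version in `text` lies inside an affected range. The fixed
    releases (9.20.23, 9.21.22) and the whole 9.18 branch, 9.18.x-S1 included,
    fall outside every range and return False."""
    parsed = parse_bind_version(text)
    if parsed is None:
        raise ValueError("no BIND version found in %r" % text)
    major, minor, patch, is_sub = parsed
    version = (major, minor, patch)
    return any(lo <= version <= hi and sub == is_sub
               for lo, hi, sub in AFFECTED_RANGES)

def triage(inventory):
    """Map hostname -> affected flag for a dict of 'named -v' banners, so the
    patch list covers only hosts that are actually in scope."""
    return {host: is_affected(banner) for host, banner in inventory.items()}

# Constructed sample inventory: hypothetical hostnames and banners, not from the advisory.
SAMPLE_INVENTORY = {
    "ns1.example.test": "BIND 9.20.10 (Stable Release)",
    "ns2.example.test": "BIND 9.20.23 (Stable Release)",
    "ns3.example.test": "BIND 9.18.48 (Extended Support Version)",
    "ns4.example.test": "BIND 9.20.22-S1 (Supported Preview Edition)",
}

if __name__ == "__main__":
    for host, affected in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, "PATCH" if affected else "ok")
```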
CVSS provenance
- nvd (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vendor_redhat: 9.8 CRITICAL
- vendor_ubuntu: 7.5 HIGH
Ubuntu: Bind vulnerabilities
vendor_ubuntu · 2026-05-21 · CVSS 7.5 · CVE-2026-5950 [HIGH]
Summary: Several security issues were fixed in Bind.
Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. (CVE-2026-3039)

Shuhan Zhang discovered that Bind incorrectly handled self-pointed glue records. A remote attacker could possibly use this issue to use Bind in denial of service amplification attacks against other systems. (CVE-2026-3592)

Naresh Kandula Parmar discovered that Bind incorrectly handled memory in the DNS-over-HTTPS implementation. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service, or execute arbitrary code. This issue only affe
Red Hat: bind: Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
vendor_redhat · 2026-05-21 · CVSS 9.8 · CVE-2026-3593 [CRITICAL] · CWE-825
A flaw was found in the BIND (Berkeley Internet Name Domain) DNS-over-HTTPS implementation. A remote attacker could send specially crafted HTTP/2 traffic to a DNS-over-HTTPS endpoint, leading to a use-after-free vulnerability. This could trigger memory corruption, potentially allowing the attacker to cause a denial of service or, in some cases, execute arbitrary code.
Statement: Important: A heap use-after-free vulnerability in BIND's DNS-over-HTTPS implementation allows a remote attacker to trigger memory corruption by sending crafted HTTP/2 traffic to a DNS-over-HTTPS endpoint. This affects both authoritative servers and resolvers configured to use DNS-over-HTTPS, potentially leading to denial of service or
GHSA: GHSA-8v2c-7qqj-7wp7: A use-after-free vulnerability exists within the DNS-over-HTTPS implementation
ghsa_unreviewed · 2026-05-20 · CVE-2026-3593 [HIGH] · CWE-416
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected.
VulDB: ISC BIND up to 9.21.21 DNS-over-HTTPS use after free (Nessus ID 315660)
vuldb · 2026-05-20 · CVSS 7.4 · CVE-2026-3593 [HIGH]
A vulnerability was found in ISC BIND up to 9.18.47/9.18.48-S0/9.20.22/9.20.22-S1/9.21.21 and classified as critical. This affects an unknown part of the component DNS-over-HTTPS. The manipulation results in use after free.
This vulnerability is reported as CVE-2026-3593. The attack can be launched remotely. No exploit exists.
It is suggested to upgrade the affected component.
No detection rules found.
No public exploits indexed.
Bugzilla: CVE-2026-3593 bind: Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation [fedora-all]
bugzilla · 2026-05-26 · CVSS 9.8 · [CRITICAL]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla: CVE-2026-3593 dhcp: Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation [fedora-all]
bugzilla · 2026-05-26 · CVSS 9.8 · [CRITICAL]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla: CVE-2026-3593 bind: Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
bugzilla · 2026-05-19 · CVSS 9.8 · [CRITICAL]
Description:
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.
Impact:
Crafted HTTP/2 traffic sent to a DNS-over-HTTPS endpoint can be used to trigger memory corruption.
- Authoritative servers are affected by this vulnerability.
- Resolvers are affected by this vulnerability.
Hackernews: ⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
blogs_hackernews · 2026-06-01 · CVSS 7.8 · CVE-2026-0257 [HIGH]
Monday hit like a cron job with anger issues.
A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivity, and AI lowering the bar for people who already thought 'curl | sh' had a personality.
The vibe is simple: old bugs, new wrappers, faster abuse. Patch the obvious crap first. Then read the rest.
## ⚡ Threat of the Week
PAN-OS GlobalProtect Authenticati
References
- https://downloads.isc.org/isc/bind9/9.20.23
- https://downloads.isc.org/isc/bind9/9.21.22
- https://kb.isc.org/docs/cve-2026-3593
- https://access.redhat.com/errata/RHSA-2026:7412
- https://access.redhat.com/security/cve/CVE-2026-3593
- https://bugzilla.redhat.com/show_bug.cgi?id=2479770
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3593.json