CVE-2026-5947
published 2026-05-20CVE-2026-5947: Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it…
PriorityP335medium5.9CVSS 3.1
AVNACHPRNUINSUCNINAH
EPSS
1.39%
68.9th percentile
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| isc | bind | — | — |
| isc | bind | >= 9.20.0 < 9.20.23 | 9.20.23 |
| isc | bind | >= 9.21.0 < 9.21.22 | 9.21.22 |
| isc | bind_9 | 9.20.0 – 9.20.22 | — |
| isc | bind_9 | 9.20.9-S1 – 9.20.22-S1 | — |
| isc | bind_9 | 9.21.0 – 9.21.21 | — |
| isc | dhcp | — | — |
| ubuntu | bind9 | — | — |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_ubuntu7.5HIGH
vendor_redhat5.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Bind vulnerabilities
vendor_ubuntu·2026-05-21·CVSS 7.5
CVE-2026-5950 [HIGH] Bind vulnerabilities
Title: Bind vulnerabilities
Summary: Several security issues were fixed in Bind.
Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API
TKEY negotiation. A remote attacker could possibly use this issue to cause
Bind to use excessive resources, leading to a denial of service.
(CVE-2026-3039)
Shuhan Zhang discovered that Bind incorrectly handled self-pointed glue
records. A remote attacker could possibly use this issue to use Bind in
denial of service amplification attacks against other systems.
(CVE-2026-3592)
Naresh Kandula Parmar discovered that Bind incorrectly handled memory in
the DNS-over-HTTPS implementation. A remote attacker could possibly use
this issue to cause Bind to crash, resulting in a denial of service, or
execute arbitrary code. This issue only affe
Red Hat
bind: SIG(0) validation during query flood may lead to undefined behavior
vendor_redhat·2026-05-21·CVSS 5.9
CVE-2026-5947 [MEDIUM] CWE-367 bind: SIG(0) validation during query flood may lead to undefined behavior
bind: SIG(0) validation during query flood may lead to undefined behavior
A flaw was found in BIND. A remote attacker could exploit a race condition during SIG(0) signature validation of an incoming DNS message. If the "recursive-clients" limit is reached and the message is discarded, a use-after-free vulnerability may occur. This could lead to undefined behavior and potentially result in a denial of service.
Statement: Important: A race condition in BIND's SIG(0) validation process can lead to undefined behavior and a denial of service when the server is under a query flood and processing signed DNS messages. This flaw could disrupt critical DNS resolution services in Red Hat environments.
Mitigation: Mitigation for this issue is either not available or the currently available options
GHSA
GHSA-6mm6-m775-chpm: Undefined behavior may result due to a race condition leading to a use-after-free violation
ghsa_unreviewed·2026-05-20
CVE-2026-5947 [HIGH] CWE-362 GHSA-6mm6-m775-chpm: Undefined behavior may result due to a race condition leading to a use-after-free violation
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.
VulDB
ISC BIND up to 9.21.21 DNS Message race condition (Nessus ID 315662)
vuldb·2026-05-20·CVSS 7.5
CVE-2026-5947 [HIGH] ISC BIND up to 9.21.21 DNS Message race condition (Nessus ID 315662)
A vulnerability was found in ISC BIND up to 9.18.48/9.18.49-S0/9.20.22/9.20.22-S1/9.21.21. It has been rated as problematic. Impacted is an unknown function of the component DNS Message Handler. Performing a manipulation results in race condition.
This vulnerability is known as CVE-2026-5947. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is advised.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-5947 bind: SIG(0) validation during query flood may lead to undefined behavior [fedora-all]
bugzilla·2026-05-26·CVSS 5.9
CVE-2026-5947 [MEDIUM] CVE-2026-5947 bind: SIG(0) validation during query flood may lead to undefined behavior [fedora-all]
CVE-2026-5947 bind: SIG(0) validation during query flood may lead to undefined behavior [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-5947 dhcp: SIG(0) validation during query flood may lead to undefined behavior [fedora-all]
bugzilla·2026-05-26·CVSS 5.9
CVE-2026-5947 [MEDIUM] CVE-2026-5947 dhcp: SIG(0) validation during query flood may lead to undefined behavior [fedora-all]
CVE-2026-5947 dhcp: SIG(0) validation during query flood may lead to undefined behavior [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-5947 bind: SIG(0) validation during query flood may lead to undefined behavior
bugzilla·2026-05-19·CVSS 5.9
CVE-2026-5947 [MEDIUM] CVE-2026-5947 bind: SIG(0) validation during query flood may lead to undefined behavior
CVE-2026-5947 bind: SIG(0) validation during query flood may lead to undefined behavior
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message.
Hackernews
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
blogs_hackernews·2026-06-01·CVSS 7.8
CVE-2026-0257 [HIGH] ⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## ⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
Monday hit like a cron job with anger issues.
A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivity, and AI lowering the bar for people who already thought 'curl | sh' had a personality.
The vibe is simple: old bugs, new wrappers, faster abuse. Patch the obvious crap first. Then read the rest.
## ⚡ Threat of the Week
PAN-OS GlobalProtect Authenticati
https://downloads.isc.org/isc/bind9/9.20.23https://downloads.isc.org/isc/bind9/9.21.22https://kb.isc.org/docs/cve-2026-5947https://access.redhat.com/errata/RHSA-2026:7412https://access.redhat.com/security/cve/CVE-2026-5947https://bugzilla.redhat.com/show_bug.cgi?id=2479772https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5947.json
2026-05-20
Published