CVE-2026-5950
Published 2026-05-20
Priority: P4 · 34 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.55% (41.9th percentile)
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions.
This issue affects BIND 9 versions 9.18.36 through 9.18.48, 9.20.8 through 9.20.22, 9.21.7 through 9.21.21, 9.18.36-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| isc | bind | — | — |
| isc | bind | >= 9.18.36 < 9.18.49 | 9.18.49 |
| isc | bind | >= 9.20.8 < 9.20.23 | 9.20.23 |
| isc | bind | >= 9.21.7 < 9.21.21 | 9.21.21 |
| isc | bind_9 | 9.18.36 – 9.18.48 | — |
| isc | bind_9 | 9.18.36-S1 – 9.18.48-S1 | — |
| isc | bind_9 | 9.20.8 – 9.20.22 | — |
| isc | bind_9 | 9.20.9-S1 – 9.20.22-S1 | — |
| isc | bind_9 | 9.21.7 – 9.21.21 | — |
| isc | dhcp | — | — |
| ubuntu | bind9 | — | — |
CVSS provenance
nvd · v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
vendor_ubuntu · 7.5 HIGH
vendor_redhat · 5.3 MEDIUM
Red Hat
bind: Unbounded resend loop in BIND 9 resolver
vendor_redhat·2026-05-26·CVSS 5.3
CVE-2026-5950 [MEDIUM] CWE-835 bind: Unbounded resend loop in BIND 9 resolver
A flaw was found in BIND 9. A remote, unauthenticated attacker can exploit an unbounded resend loop vulnerability in the resolver state machine during bad-server handling. By sending specially crafted queries that trigger specific retry conditions, the attacker can cause severe resource exhaustion, leading to a Denial of Service (DoS).
Statement: Moderate: This flaw in the BIND 9 resolver's state machine can lead to severe resource exhaustion. A remote, unauthenticated attacker could exploit this by sending specially crafted queries that trigger an unbounded resend loop during bad-server handling, potentially causing a denial of service in affected Red Hat products utilizing BIND as a resolver.
Mitigation: Mitigation for this issue is eithe
Ubuntu
Bind vulnerabilities
vendor_ubuntu·2026-05-21·CVSS 7.5
CVE-2026-5950 [HIGH] Bind vulnerabilities
Title: Bind vulnerabilities
Summary: Several security issues were fixed in Bind.
Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API
TKEY negotiation. A remote attacker could possibly use this issue to cause
Bind to use excessive resources, leading to a denial of service.
(CVE-2026-3039)
Shuhan Zhang discovered that Bind incorrectly handled self-pointed glue
records. A remote attacker could possibly use this issue to use Bind in
denial of service amplification attacks against other systems.
(CVE-2026-3592)
Naresh Kandula Parmar discovered that Bind incorrectly handled memory in
the DNS-over-HTTPS implementation. A remote attacker could possibly use
this issue to cause Bind to crash, resulting in a denial of service, or
execute arbitrary code. This issue only affe
VulDB
ISC BIND up to 9.21.21 Resolver State Machine unchecked input for loop condition
vuldb·2026-05-20·CVSS 5.3
CVE-2026-5950 [MEDIUM] ISC BIND up to 9.21.21 Resolver State Machine unchecked input for loop condition
A vulnerability labeled as problematic has been found in ISC BIND up to 9.18.48/9.18.48-S1/9.20.22/9.20.22-S1/9.21.21. This affects an unknown function of the component Resolver State Machine. The manipulation results in unchecked input for loop condition.
This vulnerability was named CVE-2026-5950. The attack may be performed from remote. There is no available exploit.
GHSA
GHSA-2pjm-rchf-gxmp: An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attac
ghsa_unreviewed·2026-05-20
CVE-2026-5950 [MEDIUM] CWE-606 GHSA-2pjm-rchf-gxmp: An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attac
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions.
This issue affects BIND 9 versions 9.18.36 through 9.18.48, 9.20.8 through 9.20.22, 9.21.7 through 9.21.21, 9.18.36-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-5950 bind: Unbounded resend loop in BIND 9 resolver [fedora-all]
bugzilla·2026-06-29·CVSS 5.3
CVE-2026-5950 [MEDIUM] CVE-2026-5950 bind: Unbounded resend loop in BIND 9 resolver [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions.
Bugzilla
CVE-2026-5950 dhcp: Unbounded resend loop in BIND 9 resolver [fedora-all]
bugzilla·2026-06-29·CVSS 5.3
CVE-2026-5950 [MEDIUM] CVE-2026-5950 dhcp: Unbounded resend loop in BIND 9 resolver [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions.
Discussion:
ISC DHCP is not affected. It doesn't act as a DNS resolver. This is a BIND server-side issue.
ISC DHCP uses portions of the ISC BIND libraries (primarily libdns, omapi, and libisccfg) only to support DDNS (TSIG support, DNS message cons
Bugzilla
CVE-2026-5950 bind: Unbounded resend loop in BIND 9 resolver
bugzilla·2026-05-19·CVSS 5.3
CVE-2026-5950 [MEDIUM] CVE-2026-5950 bind: Unbounded resend loop in BIND 9 resolver
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions.