CVE-2026-1519
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Author
CVSS
7.5
High
EPSS
1.5%
p72
KEV
—
Exploit Today
22
0-100
Published: Mar 25, 2026 · Last modified: Jul 15, 2026 · CWE-606 · CWE-770
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.
- downloads.isc.orghttps://downloads.isc.org/isc/bind9/9.18.47
- downloads.isc.orghttps://downloads.isc.org/isc/bind9/9.20.21
- downloads.isc.orghttps://downloads.isc.org/isc/bind9/9.21.20
- kb.isc.orghttps://kb.isc.org/docs/cve-2026-1519
- lists.debian.orghttps://lists.debian.org/debian-lts-announce/2026/04/msg00008.html
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:11371
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:11372
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:15890
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:16060
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:16064
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:24500
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:24851
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:24934
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:25083
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:25171
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:25214
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:29110
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:29863
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:34048
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6935