Excessive CPU Consumption Vulnerability in BIND Resolver by ISC
CVE-2026-1519

7.5HIGH

Key Information:

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 25 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-1519?

A vulnerability in the BIND resolver allows a maliciously crafted DNS zone to cause excessive CPU consumption during DNSSEC validation. Although generally authoritative-only servers are unaffected, scenarios exist in which these servers could make recursive queries, potentially leading to degraded performance or service interruptions. Specific affected versions include BIND 9.11.0 to 9.16.50, 9.18.0 to 9.18.46, 9.20.0 to 9.20.20, and 9.21.0 to 9.21.19, among others. It is crucial for administrators to review their configurations and apply necessary patches to mitigate this issue.

Affected Version(s)

BIND 9 9.11.0 <= 9.16.50

BIND 9 9.18.0 <= 9.18.46

BIND 9 9.20.0 <= 9.20.20

References

https://kb.isc.org/docs/cve-2026-1519

vendor-advisory

https://downloads.isc.org/isc/bind9/9.18.47

patch

https://downloads.isc.org/isc/bind9/9.20.21

patch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 25, 2026
Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Jan 28, 2026

Credit

ISC would like to thank Samy Medjahed/Ap4sh for bringing this vulnerability to our attention.

CVE-2026-1519 Data

JSON

Isc

Badges

What is CVE-2026-1519?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit