Vulnerability in BIND DNS Servers Affecting ISC's GSS-API Token Authentication
CVE-2026-3039

7.5HIGH

Key Information:

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 20 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-3039?

BIND servers utilizing TKEY-based authentication via GSS-API tokens face a severe risk of excessive memory consumption when processing specially crafted malicious packets. This vulnerability typically impacts deployments that integrate DNS with Active Directory or utilize Kerberos-secured DNS environments, which can lead to potential service disruptions.

Affected Version(s)

BIND 9 9.0.0 <= 9.16.50

BIND 9 9.18.0 <= 9.18.48

BIND 9 9.20.0 <= 9.20.22

References

https://kb.isc.org/docs/cve-2026-3039

vendor-advisory

https://downloads.isc.org/isc/bind9/9.18.49

patch

https://downloads.isc.org/isc/bind9/9.20.23

patch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 20, 2026
Vulnerability published
May 20, 2026
Vulnerability Reserved
Feb 23, 2026

Credit

ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention.

CVE-2026-3039 Data

JSON

Isc

Badges

What is CVE-2026-3039?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit