Memory Leak Vulnerability in BIND Resolver Affected by ISC
CVE-2026-3104

7.5HIGH

Key Information:

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 25 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-3104?

A vulnerability exists in the BIND resolver, which can be exploited by sending a specially crafted DNS query. This can lead to a memory leak, potentially affecting the stability and performance of the resolver under certain conditions. It is essential to update BIND to the latest patched versions to safeguard against this issue.

Affected Version(s)

BIND 9 9.20.0 <= 9.20.20

BIND 9 9.21.0 <= 9.21.19

BIND 9 9.20.9-S1 <= 9.20.20-S1

References

https://kb.isc.org/docs/cve-2026-3104

vendor-advisory

https://downloads.isc.org/isc/bind9/9.20.21

patch

https://downloads.isc.org/isc/bind9/9.21.20

patch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 25, 2026
Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Feb 24, 2026

Credit

ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention.

CVE-2026-3104 Data

JSON

Isc

Badges

What is CVE-2026-3104?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit