BIND 9 Vulnerability in Named Service by ISC
CVE-2026-3119

6.5MEDIUM

Key Information:

Vendor

Isc
Status
Bind 9
Vendor
CVE Published:
25 March 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-3119?

A vulnerability in the named service of BIND 9 allows it to crash when processing a correctly signed query that includes a TKEY record under specific conditions. This occurs only when a valid transaction signature (TSIG) is present from a key specified in the named configuration. Affected versions include BIND 9.20.0 through 9.20.20, and BIND 9.21.0 through 9.21.19, with patches available for secure operation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIND 9 9.20.0 <= 9.20.20

BIND 9 9.21.0 <= 9.21.19

BIND 9 9.20.9-S1 <= 9.20.20-S1

References

https://kb.isc.org/docs/cve-2026-3119
vendor-advisory
https://downloads.isc.org/isc/bind9/9.20.21
patch
https://downloads.isc.org/isc/bind9/9.21.20
patch

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention.
JSON
.