Use-After-Return Vulnerability in BIND 9 DNS Server by ISC
CVE-2026-3591
What is CVE-2026-3591?
CVE-2026-3591 is a severe vulnerability affecting the BIND 9 DNS server, developed by the Internet Systems Consortium (ISC). BIND (Berkeley Internet Name Domain) is widely used for resolving domain names into IP addresses, playing a critical role in internet functionality. This particular vulnerability is classified as a use-after-return flaw, which occurs when the DNS server mishandles certain queries that are signed with SIG(0). An attacker leveraging this vulnerability could craft a malicious DNS request that leads to improper matching of access control lists (ACLs). In environments configured with default-allow ACLs, this can result in unauthorized access, posing significant security risks for organizations relying on BIND for their DNS infrastructure.
The vulnerability impacts specific versions of BIND 9, including those ranging from 9.20.0 to 9.20.20 and 9.21.0 to 9.21.19, but does not affect earlier or patched versions. The potential for exploitation highlights the need for organizations to ensure they are operating secure configurations, as failing to patch can lead to significant security lapses.
Potential impact of CVE-2026-3591
- Unauthorized Access: The primary risk involves the potential for attackers to gain unauthorized access to systems and resources. If an ACL improperly matches due to this vulnerability, malicious actors can exploit this to perform actions that would typically be restricted.
- Compromise of DNS Integrity: As BIND is responsible for DNS resolution, successful exploitation of this vulnerability could undermine the integrity of DNS operations, leading to misrouting of traffic, interception of sensitive data, or redirection to malicious sites.
- Increased Attack Surface: With known exploitations observed, organizations that remain unpatched could become prime targets for further attacks, including ransomware and other malware delivery methods, leading to broader ramifications across networks and systems.

Affected Version(s)
- BIND 9: 9.20.0 through 9.20.20 (inclusive)
- BIND 9: 9.21.0 through 9.21.19 (inclusive)
- BIND 9 Supported Preview Edition: 9.20.9-S1 through 9.20.20-S1 (inclusive)
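The affected ranges above are the data an operator needs for a fleet-wide inventory check. The following script is an added example, not ISC code or anything from the advisory: it parses the version triple out of a `named -v` banner, distinguishes the `-S` Supported Preview builds from regular releases (the advisory lists a separate range for them), and reports whether the build falls inside one of the ranges quoted above. The banner strings at the bottom are constructed samples that only mimic the shape of `named -v` output; the `<id:...>` tails and the distribution suffix are placeholders.

```python
"""Check a BIND 9 version banner against the CVE-2026-3591 affected ranges.

Added example for this advisory page; not ISC code. The only facts taken
from the advisory are the three version ranges in AFFECTED_RANGES.
"""
import re
from typing import NamedTuple, Optional


class BindVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    subscription: bool  # True for ISC "-S<n>" Supported Preview builds


# (low, high, subscription) triples, inclusive on both ends, as listed
# in the advisory's "Affected Version(s)" section.
AFFECTED_RANGES = [
    ((9, 20, 0), (9, 20, 20), False),   # 9.20.0  .. 9.20.20
    ((9, 21, 0), (9, 21, 19), False),   # 9.21.0  .. 9.21.19
    ((9, 20, 9), (9, 20, 20), True),    # 9.20.9-S1 .. 9.20.20-S1
]

# Matches "BIND 9.20.15", "BIND 9.20.12-S1", "BIND 9.20.15-Ubuntu" (the
# optional group only captures the "-S<n>" edition marker, so distribution
# suffixes are ignored rather than misread as a subscription build).
_VERSION_RE = re.compile(r"\bBIND\s+(\d+)\.(\d+)\.(\d+)(-S\d+)?", re.IGNORECASE)


def parse_named_version(banner: str) -> Optional[BindVersion]:
    """Extract the version from a `named -v` style banner; None if absent."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return BindVersion(major, minor, patch, m.group(4) is not None)


def is_affected(v: BindVersion) -> bool:
    """True if the version lies inside a range the advisory lists as affected.

    Regular releases are only compared against regular-release ranges and
    -S builds only against the -S range, since the advisory gives them
    different lower bounds.
    """
    triple = (v.major, v.minor, v.patch)
    return any(
        sub == v.subscription and low <= triple <= high
        for low, high, sub in AFFECTED_RANGES
    )


def assess(banner: str) -> str:
    """Human-readable verdict for one host's banner."""
    v = parse_named_version(banner)
    if v is None:
        return "unknown: no BIND version found in banner"
    edition = "-S" if v.subscription else ""
    label = f"{v.major}.{v.minor}.{v.patch}{edition}"
    if is_affected(v):
        return f"{label}: within an affected range for CVE-2026-3591; patch"
    return f"{label}: not within the ranges listed for CVE-2026-3591"


if __name__ == "__main__":
    # Constructed sample banners (not captured from real hosts).
    samples = [
        "BIND 9.20.15 (Stable Release) <id:constructed>",
        "BIND 9.20.21 (Stable Release) <id:constructed>",
        "BIND 9.20.12-S1 (Supported Preview Edition) <id:constructed>",
        "BIND 9.18.30 (Extended Support Version) <id:constructed>",
        "BIND 9.20.15-Ubuntu (Stable Release) <id:constructed>",
        "named: command not found",
    ]
    for banner in samples:
        print(f"{banner!r:>70} -> {assess(banner)}")
```

In practice the banner would come from `named -v` (or the package manager) on each resolver and the verdicts would be fed into a ticketing or patch-tracking system; the script deliberately reports versions outside the listed ranges as "not within the listed ranges" rather than "fixed", since the advisory text here does not name the first fixed release.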
References
CVSS V3.1
Timeline
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved