Amplified Resource Exhaustion Vulnerability in BIND Resolvers by ISC
CVE-2026-3592

5.3MEDIUM

Key Information:

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 20 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-3592?

BIND resolvers are susceptible to an amplified resource consumption attack, where a specially crafted DNS query can lead to excessive resource utilization. This vulnerability exists across multiple BIND 9 versions, causing the affected resolvers to exhaust their computational resources, potentially leading to service outages and degraded performance.

Affected Version(s)

BIND 9 9.11.0 <= 9.16.50

BIND 9 9.18.0 <= 9.18.48

BIND 9 9.20.0 <= 9.20.22

References

https://kb.isc.org/docs/cve-2026-3592

vendor-advisory

https://downloads.isc.org/isc/bind9/9.18.49

patch

https://downloads.isc.org/isc/bind9/9.20.23

patch

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 20, 2026
Vulnerability published
May 20, 2026
Vulnerability Reserved
Mar 5, 2026

Credit

ISC would like to thank Shuhan Zhang from Tsinghua University for bringing this vulnerability to our attention.

CVE-2026-3592 Data

JSON

Isc

Badges

What is CVE-2026-3592?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit