Other information and services of the government: www.belgium.be Centre for Cybersecurity Belgium
search

Warning: ISC BIND 9 DNS Vulnerabilities, Patch Immediately!

Image
Decorative image
Published : 01/04/2026
  • Last update: 31/03/2026
  • Affected software:
    → ISC BIND 9
  • Type:
    → CWE-772: Missing Release of Resource after Effective Lifetime
    → CWE-606: Unchecked Input for Loop Condition
  • CVE/CVSS
    → CVE-2026-3104: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
    → CVE-2026-1519: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Sources

ISC - https://kb.isc.org/docs/cve-2026-3104
ISC - https://kb.isc.org/docs/cve-2026-1519

Risks

The Internet Systems Consortium (ISC) patched several vulnerabilities in ISC BIND 9, a widely used DNS server software. DNS is the backbone of nearly all network services and if it goes down, email, websites, authentication, and cloud applications all stop working.

CVE-2026-3104 and CVE-2026-1519 are two high-severity vulnerabilities (CVSS 7.5). Both flaws allow a remote attacker to cause a denial of service without any authentication, simply by sending crafted DNS queries. ISC is not aware of any active exploitation in the wild. These are not zero-days, patches were available at disclosure. No public proof-of-concept code has been reported.

Description

CVE-2026-3104: Memory Leak (High)
A specially crafted domain causes a memory leak in BIND resolvers through the DNSSEC proof-of-non-existence code. Memory is never freed, leading to out-of-memory conditions. Affects BIND 9.20.0 -> 9.20.20 and 9.21.0 -> 9.21.19. No workarounds known.

CVE-2026-1519: CPU Exhaustion (High)
Maliciously crafted zones with excessive NSEC3 iterations cause high CPU load during DNSSEC validation. Affects BIND 9.11.0 through 9.21.19 across all branches. Workaround: disabling DNSSEC validation prevents exploitation but is not recommended: (dnssec-validation no;).

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

Monitor DNS resolvers for abnormal memory growth or CPU spikes.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-3104
NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-1519