Serial number: AV26-280
Date: March 25, 2026
On March 25, 2026, ISC published security advisories to address vulnerabilities in the following products:
- ISC BIND 9 – versions 9.11.0 to 9.16.50
- ISC BIND 9 – versions 9.18.0 to 9.18.46
- ISC BIND 9 – versions 9.20.0 to 9.20.20
- ISC BIND 9 – versions 9.21.0 to 9.21.19
- BIND Supported Preview Edition – versions 9.11.3-S1 to 9.16.50-S1
- BIND Supported Preview Edition – versions 9.18.11-S1 to 9.18.46-S1
- BIND Supported Preview Edition – versions 9.20.9-S1 to 9.20.20-S1
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
- CVE-2026-1519: Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
- CVE-2026-3104: Memory leak in code preparing DNSSEC proofs of non-existence
- CVE-2026-3119: Authenticated query containing a TKEY record may cause named to terminate unexpectedly
- CVE-2026-3591: A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass
- BIND 9 Security Vulnerability Matrix