Internet Systems Consortium (ISC) disclosed four vulnerabilities in BIND 9 affecting supported releases and Supported Preview Edition builds, including CVE-2026-1519, CVE-2026-3104, CVE-2026-3119, and CVE-2026-3591. The flaws impact DNSSEC validation and proof generation, authenticated queries containing TKEY records, and SIG(0) handling. Reported consequences include excessive CPU consumption during insecure delegation validation, a memory leak while preparing DNSSEC proofs, unexpected termination of the named daemon, and a stack use-after-return condition that could allow an ACL bypass.
Affected branches include BIND 9.11, 9.18, 9.20, and 9.21 across specified version ranges, and ISC said the public disclosure ended the embargo period so prepared packages could be released. Patched versions were issued as 9.18.47, 9.20.21, and 9.21.20, and the Canadian Centre for Cyber Security urged administrators to review ISC’s advisories and apply the required updates.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
On 2026-04-01, Belgium's Centre for Cybersecurity Belgium (CCB) published an advisory warning about the ISC BIND 9 DNS vulnerabilities and urging organizations to patch immediately. The notice represents another downstream national CERT/government response following ISC's March 25 disclosure and fixes.
On 2026-03-31, F5 published product advisory K000160559 regarding BIND vulnerability CVE-2026-3104. This represents a downstream vendor response identifying impact and/or remediation guidance for F5 customers.
On 2026-03-29, Microsoft published a Security Update Guide entry for CVE-2026-3104, the BIND vulnerability involving a memory leak in DNSSEC proof preparation. This represents a separate downstream vendor advisory acknowledging the flaw and providing Microsoft-specific tracking or remediation information.
On 2026-03-27, Debian published security advisory DSA 6181-1 announcing a bind9 security update to address the recently disclosed ISC BIND 9 vulnerabilities. The advisory reflects downstream package remediation for Debian users following ISC's upstream fixes.
On 2026-03-25, the Canadian Centre for Cyber Security published advisory AV26-280 summarizing the newly disclosed ISC BIND vulnerabilities and their impact on supported BIND 9 branches and Supported Preview Edition builds. The agency urged administrators to review ISC's advisories and apply the required updates.
On 2026-03-25, Internet Systems Consortium publicly disclosed four vulnerabilities in BIND 9—CVE-2026-1519, CVE-2026-3104, CVE-2026-3119, and CVE-2026-3591—affecting DNSSEC validation, proof generation, TKEY query handling, and SIG(0) handling. ISC released fixed versions 9.18.47, 9.20.21, and 9.21.20 and said the public announcement ended the embargo period for prepared packages.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
10 references tracked. Mallory keeps watching after this page renders.
ccb.belgium.be
Open sourcemy.f5.com
Open sourcemsrc.microsoft.com
Open sourcelists.debian.org
Open sourcekb.isc.org
Open sourcekb.isc.org
Open sourcekb.isc.org
Open sourceseclists.org
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.