CVEFinder.io

CVE-2026-3593

⚠️ high
🔍 Scan for this CVE
Summary

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected.

CVSS Score
7.4
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-20
First Seen: 2026-05-21
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 56.9% of all 329,778 vulnerabilities in our database.

#141,986
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 20, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
ISC would like to thank Naresh Kandula Parmar (Nottiboy) for bringing this vulnerability to our attention.
SSVC data provided by CISA
Last Modified 2026-05-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE IDs (Weakness Types)
CWE-416

📦 Affected Products 2

Vendor Product Status Affected Versions
isc bind Affected
> 9.20.0 < 9.20.23
isc bind Affected
> 9.21.0 < 9.21.22

🔗 References 3

https://downloads.isc.org/isc/bind9/9.20.23
Patch
https://downloads.isc.org/isc/bind9/9.21.22
Patch
https://kb.isc.org/docs/cve-2026-3593
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-3039 ⚠️ high 7.5 0.1 BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory ... 2026-05-20
CVE-2026-3592 🔶 medium 5.3 0.0 BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a quer... 2026-05-20
CVE-2026-5946 ⚠️ high 7.5 0.1 Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`... 2026-05-20
CVE-2026-5947 ⚠️ high 7.5 0.0 Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incomi... 2026-05-20
CVE-2026-5950 🔶 medium 5.3 0.1 An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling ... 2026-05-20
CVE-2026-1519 ⚠️ high 7.5 0.1 If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume e... 2026-03-25
These CVEs affect the same products