CVEFinder.io

CVE-2026-5947

⚠️ high
🔍 Scan for this CVE
Summary

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message. This issue affects BIND 9 ve

Description

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.

CVSS Score
7.5
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-20
First Seen: 2026-05-21
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 68.9% of all 329,778 vulnerabilities in our database.

#102,523
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 20, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
ISC would like to thank Naoki Wakamatsu for bringing this vulnerability to our attention.
SSVC data provided by CISA
Last Modified 2026-05-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-362 CWE-416

📦 Affected Products 2

Vendor Product Status Affected Versions
isc bind Affected
> 9.20.0 < 9.20.23
isc bind Affected
> 9.21.0 < 9.21.22

🔗 References 3

https://downloads.isc.org/isc/bind9/9.20.23
Patch
https://downloads.isc.org/isc/bind9/9.21.22
Patch
https://kb.isc.org/docs/cve-2026-5947
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-3039 ⚠️ high 7.5 0.1 BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory ... 2026-05-20
CVE-2026-3592 🔶 medium 5.3 0.0 BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a quer... 2026-05-20
CVE-2026-3593 ⚠️ high 7.4 0.0 A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.... 2026-05-20
CVE-2026-5946 ⚠️ high 7.5 0.1 Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`... 2026-05-20
CVE-2026-5950 🔶 medium 5.3 0.1 An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling ... 2026-05-20
CVE-2026-1519 ⚠️ high 7.5 0.1 If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume e... 2026-03-25
These CVEs affect the same products