Vulnerability Details CVE-2026-3591
A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.0%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2026-3591
-
cpe:2.3:a:isc:bind:9.20.0
-
cpe:2.3:a:isc:bind:9.20.1
-
cpe:2.3:a:isc:bind:9.20.10
-
cpe:2.3:a:isc:bind:9.20.11
-
cpe:2.3:a:isc:bind:9.20.12
-
cpe:2.3:a:isc:bind:9.20.13
-
cpe:2.3:a:isc:bind:9.20.15
-
cpe:2.3:a:isc:bind:9.20.16
-
cpe:2.3:a:isc:bind:9.20.17
-
cpe:2.3:a:isc:bind:9.20.18
-
cpe:2.3:a:isc:bind:9.20.19
-
cpe:2.3:a:isc:bind:9.20.2
-
cpe:2.3:a:isc:bind:9.20.20
-
cpe:2.3:a:isc:bind:9.20.3
-
cpe:2.3:a:isc:bind:9.20.4
-
cpe:2.3:a:isc:bind:9.20.5
-
cpe:2.3:a:isc:bind:9.20.6
-
cpe:2.3:a:isc:bind:9.20.7
-
cpe:2.3:a:isc:bind:9.20.8
-
cpe:2.3:a:isc:bind:9.20.9
-
cpe:2.3:a:isc:bind:9.21.0
-
cpe:2.3:a:isc:bind:9.21.1
-
cpe:2.3:a:isc:bind:9.21.10
-
cpe:2.3:a:isc:bind:9.21.11
-
cpe:2.3:a:isc:bind:9.21.12
-
cpe:2.3:a:isc:bind:9.21.14
-
cpe:2.3:a:isc:bind:9.21.15
-
cpe:2.3:a:isc:bind:9.21.16
-
cpe:2.3:a:isc:bind:9.21.17
-
cpe:2.3:a:isc:bind:9.21.18
-
cpe:2.3:a:isc:bind:9.21.19
-
cpe:2.3:a:isc:bind:9.21.2
-
cpe:2.3:a:isc:bind:9.21.3
-
cpe:2.3:a:isc:bind:9.21.4
-
cpe:2.3:a:isc:bind:9.21.5
-
cpe:2.3:a:isc:bind:9.21.6
-
cpe:2.3:a:isc:bind:9.21.7
-
cpe:2.3:a:isc:bind:9.21.8
-
cpe:2.3:a:isc:bind:9.21.9