CVE-2026-1519

CVE-2026-1519

Name

CVE-2026-1519

Description

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-officer@isc.org	https://downloads.isc.org/isc/bind9/9.18.47
security-officer@isc.org	https://downloads.isc.org/isc/bind9/9.20.21
security-officer@isc.org	https://downloads.isc.org/isc/bind9/9.21.20
security-officer@isc.org	https://kb.isc.org/docs/cve-2026-1519
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2026/04/msg00008.html

Type

URI

security-officer@isc.org

https://downloads.isc.org/isc/bind9/9.18.47

security-officer@isc.org

https://downloads.isc.org/isc/bind9/9.20.21

security-officer@isc.org

https://downloads.isc.org/isc/bind9/9.21.20

security-officer@isc.org

https://kb.isc.org/docs/cve-2026-1519

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2026/04/msg00008.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:isc:bind:::::-:::*`	bind	>= 9.11.0	<= 9.16.50
`cpe:2.3:a:isc:bind:::::-:::*`	bind	>= 9.18.0	< 9.18.47
`cpe:2.3:a:isc:bind:::::-:::*`	bind	>= 9.20.0	< 9.20.21
`cpe:2.3:a:isc:bind:::::-:::*`	bind	>= 9.21.0	< 9.21.20

CPE URI

Source package

Min version

Max version

cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*

bind

>= 9.11.0

<= 9.16.50

cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*

bind

>= 9.18.0

< 9.18.47

cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*

bind

>= 9.20.0

< 9.20.21

cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*

bind

>= 9.21.0

< 9.21.20

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
bind	edge-main	9.20.21-r0	Mike Crute <mike@crute.us>	fixed
bind	edge-main	9.20.20-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.19-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.18-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.17-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.16-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.15-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.13-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.12-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.11-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.10-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.9-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.8-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.7-r4	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.7-r3	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.7-r2	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.7-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.6-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.20.5-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.33-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.32-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.31-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.29-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.28-r1	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.28-r0	None	possibly vulnerable
bind	edge-main	9.18.27-r1	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.27-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.25-r1	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.25-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.24-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.21-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.19-r1	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.19-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.18-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.17-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.16-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.14-r4	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.14-r3	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.14-r2	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.14-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.13-r2	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.13-r1	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.13-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.11-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	edge-main	9.18.10-r0	None	possibly vulnerable
bind	edge-main	9.18.9-r0	None	possibly vulnerable
bind	edge-main	9.18.8-r0	None	possibly vulnerable
bind	edge-main	9.18.7-r0	None	possibly vulnerable
bind	edge-main	9.18.5-r0	None	possibly vulnerable
bind	edge-main	9.18.4-r3	None	possibly vulnerable
bind	edge-main	9.18.4-r2	None	possibly vulnerable
bind	edge-main	9.18.3-r2	None	possibly vulnerable
bind	edge-main	9.18.3-r1	None	possibly vulnerable
bind	edge-main	9.18.3-r0	None	possibly vulnerable
bind	edge-main	9.16.29-r0	None	possibly vulnerable
bind	edge-main	9.16.28-r0	None	possibly vulnerable
bind	edge-main	9.16.27-r0	None	possibly vulnerable
bind	edge-main	9.16.25-r0	None	possibly vulnerable
bind	edge-main	9.16.24-r0	None	possibly vulnerable
bind	edge-main	9.16.22-r5	None	possibly vulnerable
bind	edge-main	9.16.22-r4	None	possibly vulnerable
bind	edge-main	9.16.22-r0	None	possibly vulnerable
bind	edge-main	9.16.20-r4	None	possibly vulnerable
bind	edge-main	9.16.20-r3	None	possibly vulnerable
bind	edge-main	9.16.20-r2	None	possibly vulnerable
bind	edge-main	9.16.20-r1	None	possibly vulnerable
bind	edge-main	9.16.20-r0	None	possibly vulnerable
bind	edge-main	9.16.19-r0	None	possibly vulnerable
bind	edge-main	9.16.18-r3	None	possibly vulnerable
bind	edge-main	9.16.18-r2	None	possibly vulnerable
bind	edge-main	9.16.15-r0	None	possibly vulnerable
bind	edge-main	9.16.11-r2	None	possibly vulnerable
bind	edge-main	9.16.6-r0	None	possibly vulnerable
bind	edge-main	9.16.4-r0	None	possibly vulnerable
bind	edge-main	9.14.12-r0	None	possibly vulnerable
bind	edge-main	9.14.8-r0	None	possibly vulnerable
bind	edge-main	9.14.7-r0	None	possibly vulnerable
bind	edge-main	9.14.4-r0	None	possibly vulnerable
bind	edge-main	9.14.1-r0	None	possibly vulnerable
bind	edge-main	9.12.3_p4-r0	None	possibly vulnerable
bind	edge-main	9.12.2_p1-r0	None	possibly vulnerable
bind	edge-main	9.12.1_p2-r0	None	possibly vulnerable
bind	edge-main	9.11.2_p1-r0	None	possibly vulnerable
bind	edge-main	9.11.0_p5-r0	None	possibly vulnerable
bind	3.23-main	9.20.21-r0	Mike Crute <mike@crute.us>	fixed
bind	3.23-main	9.20.20-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.23-main	9.20.19-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.23-main	9.20.18-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.23-main	9.20.17-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.22-main	9.20.21-r0	Mike Crute <mike@crute.us>	fixed
bind	3.22-main	9.20.18-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.22-main	9.20.17-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.22-main	9.20.16-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.22-main	9.20.15-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.22-main	9.20.13-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.22-main	9.20.12-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.22-main	9.20.11-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.22-main	9.20.10-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.22-main	9.20.9-r0	None	possibly vulnerable
bind	3.22-main	9.18.33-r0	None	possibly vulnerable
bind	3.22-main	9.18.28-r0	None	possibly vulnerable
bind	3.22-main	9.18.24-r0	None	possibly vulnerable
bind	3.22-main	9.18.19-r0	None	possibly vulnerable
bind	3.22-main	9.18.11-r0	None	possibly vulnerable
bind	3.22-main	9.18.7-r0	None	possibly vulnerable
bind	3.22-main	9.16.27-r0	None	possibly vulnerable
bind	3.22-main	9.16.22-r0	None	possibly vulnerable
bind	3.22-main	9.16.20-r0	None	possibly vulnerable
bind	3.22-main	9.16.15-r0	None	possibly vulnerable
bind	3.22-main	9.16.11-r2	None	possibly vulnerable
bind	3.22-main	9.16.6-r0	None	possibly vulnerable
bind	3.22-main	9.16.4-r0	None	possibly vulnerable
bind	3.22-main	9.14.12-r0	None	possibly vulnerable
bind	3.22-main	9.14.8-r0	None	possibly vulnerable
bind	3.22-main	9.14.7-r0	None	possibly vulnerable
bind	3.22-main	9.14.4-r0	None	possibly vulnerable
bind	3.22-main	9.14.1-r0	None	possibly vulnerable
bind	3.22-main	9.12.3_p4-r0	None	possibly vulnerable
bind	3.22-main	9.12.2_p1-r0	None	possibly vulnerable
bind	3.22-main	9.12.1_p2-r0	None	possibly vulnerable
bind	3.22-main	9.11.2_p1-r0	None	possibly vulnerable
bind	3.22-main	9.11.0_p5-r0	None	possibly vulnerable
bind	3.21-main	9.18.47-r0	Mike Crute <mike@crute.us>	fixed
bind	3.21-main	9.18.44-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.21-main	9.18.41-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.21-main	9.18.39-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.21-main	9.18.37-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.21-main	9.18.36-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.21-main	9.18.35-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.21-main	9.18.34-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.21-main	9.18.33-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.21-main	9.18.32-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.21-main	9.18.31-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.21-main	9.18.28-r0	None	possibly vulnerable
bind	3.21-main	9.18.24-r0	None	possibly vulnerable
bind	3.21-main	9.18.19-r0	None	possibly vulnerable
bind	3.21-main	9.18.11-r0	None	possibly vulnerable
bind	3.21-main	9.18.7-r0	None	possibly vulnerable
bind	3.21-main	9.16.27-r0	None	possibly vulnerable
bind	3.21-main	9.16.22-r0	None	possibly vulnerable
bind	3.21-main	9.16.20-r0	None	possibly vulnerable
bind	3.21-main	9.16.15-r0	None	possibly vulnerable
bind	3.21-main	9.16.11-r2	None	possibly vulnerable
bind	3.21-main	9.16.6-r0	None	possibly vulnerable
bind	3.21-main	9.16.4-r0	None	possibly vulnerable
bind	3.21-main	9.14.12-r0	None	possibly vulnerable
bind	3.21-main	9.14.8-r0	None	possibly vulnerable
bind	3.21-main	9.14.7-r0	None	possibly vulnerable
bind	3.21-main	9.14.4-r0	None	possibly vulnerable
bind	3.21-main	9.14.1-r0	None	possibly vulnerable
bind	3.21-main	9.12.3_p4-r0	None	possibly vulnerable
bind	3.21-main	9.12.2_p1-r0	None	possibly vulnerable
bind	3.21-main	9.12.1_p2-r0	None	possibly vulnerable
bind	3.21-main	9.11.2_p1-r0	None	possibly vulnerable
bind	3.21-main	9.11.0_p5-r0	None	possibly vulnerable
bind	3.20-main	9.18.47-r0	Mike Crute <mike@crute.us>	fixed
bind	3.20-main	9.18.44-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.20-main	9.18.41-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.20-main	9.18.39-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.20-main	9.18.37-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.20-main	9.18.36-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.20-main	9.18.35-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.20-main	9.18.34-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.20-main	9.18.33-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.20-main	9.18.32-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.20-main	9.18.31-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.20-main	9.18.27-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.20-main	9.18.24-r0	None	possibly vulnerable
bind	3.20-main	9.18.19-r0	None	possibly vulnerable
bind	3.20-main	9.18.11-r0	None	possibly vulnerable
bind	3.20-main	9.18.7-r0	None	possibly vulnerable
bind	3.20-main	9.16.27-r0	None	possibly vulnerable
bind	3.20-main	9.16.22-r0	None	possibly vulnerable
bind	3.20-main	9.16.20-r0	None	possibly vulnerable
bind	3.20-main	9.16.15-r0	None	possibly vulnerable
bind	3.20-main	9.16.11-r2	None	possibly vulnerable
bind	3.20-main	9.16.6-r0	None	possibly vulnerable
bind	3.20-main	9.16.4-r0	None	possibly vulnerable
bind	3.20-main	9.14.12-r0	None	possibly vulnerable
bind	3.20-main	9.14.8-r0	None	possibly vulnerable
bind	3.20-main	9.14.7-r0	None	possibly vulnerable
bind	3.20-main	9.14.4-r0	None	possibly vulnerable
bind	3.20-main	9.14.1-r0	None	possibly vulnerable
bind	3.20-main	9.12.3_p4-r0	None	possibly vulnerable
bind	3.20-main	9.12.2_p1-r0	None	possibly vulnerable
bind	3.20-main	9.12.1_p2-r0	None	possibly vulnerable
bind	3.20-main	9.11.2_p1-r0	None	possibly vulnerable
bind	3.20-main	9.11.0_p5-r0	None	possibly vulnerable
bind	3.19-main	9.18.44-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.19-main	9.18.41-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.19-main	9.18.39-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.19-main	9.18.37-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.19-main	9.18.36-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.19-main	9.18.35-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.19-main	9.18.34-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.19-main	9.18.33-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.19-main	9.18.32-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.19-main	9.18.31-r0	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.19-main	9.18.24-r1	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.19-main	9.18.24-r0	None	possibly vulnerable
bind	3.19-main	9.18.19-r1	Mike Crute <mike@crute.us>	possibly vulnerable
bind	3.19-main	9.18.19-r0	None	possibly vulnerable
bind	3.19-main	9.18.11-r0	None	possibly vulnerable
bind	3.19-main	9.18.7-r0	None	possibly vulnerable
bind	3.19-main	9.16.27-r0	None	possibly vulnerable
bind	3.19-main	9.16.22-r0	None	possibly vulnerable
bind	3.19-main	9.16.20-r0	None	possibly vulnerable
bind	3.19-main	9.16.15-r0	None	possibly vulnerable
bind	3.19-main	9.16.11-r2	None	possibly vulnerable
bind	3.19-main	9.16.6-r0	None	possibly vulnerable
bind	3.19-main	9.16.4-r0	None	possibly vulnerable
bind	3.19-main	9.14.12-r0	None	possibly vulnerable
bind	3.19-main	9.14.8-r0	None	possibly vulnerable
bind	3.19-main	9.14.7-r0	None	possibly vulnerable
bind	3.19-main	9.14.4-r0	None	possibly vulnerable
bind	3.19-main	9.14.1-r0	None	possibly vulnerable
bind	3.19-main	9.12.3_p4-r0	None	possibly vulnerable
bind	3.19-main	9.12.2_p1-r0	None	possibly vulnerable
bind	3.19-main	9.12.1_p2-r0	None	possibly vulnerable
bind	3.19-main	9.11.2_p1-r0	None	possibly vulnerable
bind	3.19-main	9.11.0_p5-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages