{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3119", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "state": "PUBLISHED", "assignerShortName": "isc", "dateReserved": "2026-02-24T12:29:14.561Z", "datePublished": "2026-03-25T13:31:54.806Z", "dateUpdated": "2026-03-25T14:13:54.588Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2026-03-25T13:31:54.806Z"}, "title": "Authenticated query containing a TKEY record may cause named to terminate unexpectedly", "datePublic": "2026-03-25T00:00:00.000Z", "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"version": "9.20.0", "lessThanOrEqual": "9.20.20", "status": "affected", "versionType": "custom"}, {"version": "9.21.0", "lessThanOrEqual": "9.21.19", "status": "affected", "versionType": "custom"}, {"version": "9.20.9-S1", "lessThanOrEqual": "9.20.20-S1", "status": "affected", "versionType": "custom"}, {"version": "9.18.0", "lessThanOrEqual": "9.18.46", "status": "unaffected", "versionType": "custom"}, {"version": "9.18.11-S1", "lessThanOrEqual": "9.18.46-S1", "status": "unaffected", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"operator": "OR", "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.20.0", "versionEndIncluding": "9.20.20"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.21.0", "versionEndIncluding": "9.21.19"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.20.9-S1", "versionEndIncluding": "9.20.20-S1"}, {"vulnerable": false, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.18.0", "versionEndIncluding": "9.18.46"}, {"vulnerable": false, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.18.11-S1", "versionEndIncluding": "9.18.46-S1"}]}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."}], "impacts": [{"descriptions": [{"lang": "en", "value": "If this situation is encountered, `named` will terminate unexpectedly."}]}], "workarounds": [{"lang": "en", "value": "Remove any TSIG keys that might be used by an attacker."}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.21, 9.21.20, or 9.20.21-S1."}], "credits": [{"lang": "en", "value": "ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention."}], "references": [{"url": "https://kb.isc.org/docs/cve-2026-3119", "name": "CVE-2026-3119", "tags": ["vendor-advisory"]}, {"url": "https://downloads.isc.org/isc/bind9/9.20.21", "tags": ["patch"]}, {"url": "https://downloads.isc.org/isc/bind9/9.21.20", "tags": ["patch"]}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T14:13:41.579382Z", "id": "CVE-2026-3119", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:13:54.588Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3119", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "state": "PUBLISHED", "assignerShortName": "isc", "dateReserved": "2026-02-24T12:29:14.561Z", "datePublished": "2026-03-25T13:31:54.806Z", "dateUpdated": "2026-03-25T14:13:54.588Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2026-03-25T13:31:54.806Z"}, "title": "Authenticated query containing a TKEY record may cause named to terminate unexpectedly", "datePublic": "2026-03-25T00:00:00.000Z", "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"version": "9.20.0", "lessThanOrEqual": "9.20.20", "status": "affected", "versionType": "custom"}, {"version": "9.21.0", "lessThanOrEqual": "9.21.19", "status": "affected", "versionType": "custom"}, {"version": "9.20.9-S1", "lessThanOrEqual": "9.20.20-S1", "status": "affected", "versionType": "custom"}, {"version": "9.18.0", "lessThanOrEqual": "9.18.46", "status": "unaffected", "versionType": "custom"}, {"version": "9.18.11-S1", "lessThanOrEqual": "9.18.46-S1", "status": "unaffected", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"operator": "OR", "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.20.0", "versionEndIncluding": "9.20.20"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.21.0", "versionEndIncluding": "9.21.19"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.20.9-S1", "versionEndIncluding": "9.20.20-S1"}, {"vulnerable": false, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.18.0", "versionEndIncluding": "9.18.46"}, {"vulnerable": false, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.18.11-S1", "versionEndIncluding": "9.18.46-S1"}]}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."}], "impacts": [{"descriptions": [{"lang": "en", "value": "If this situation is encountered, `named` will terminate unexpectedly."}]}], "workarounds": [{"lang": "en", "value": "Remove any TSIG keys that might be used by an attacker."}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.21, 9.21.20, or 9.20.21-S1."}], "credits": [{"lang": "en", "value": "ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention."}], "references": [{"url": "https://kb.isc.org/docs/cve-2026-3119", "name": "CVE-2026-3119", "tags": ["vendor-advisory"]}, {"url": "https://downloads.isc.org/isc/bind9/9.20.21", "tags": ["patch"]}, {"url": "https://downloads.isc.org/isc/bind9/9.21.20", "tags": ["patch"]}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3119", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T14:13:41.579382Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:13:48.560Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."}], "id": "CVE-2026-3119", "lastModified": "2026-03-25T15:41:33.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Primary"}]}, "published": "2026-03-25T14:16:37.097", "references": [{"source": "security-officer@isc.org", "url": "https://downloads.isc.org/isc/bind9/9.20.21"}, {"source": "security-officer@isc.org", "url": "https://downloads.isc.org/isc/bind9/9.21.20"}, {"source": "security-officer@isc.org", "url": "https://kb.isc.org/docs/cve-2026-3119"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "security-officer@isc.org", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T15:51:13.769107+00:00", "value": {"mitigation_remediation": ["Upgrade to the patched release 9.20.21, 9.21.20, or 9.20.21-S1.", "Remove any TSIG keys that might be used by an attacker."], "summary": {"action": "Patch BIND", "impact": "Denial of Service via crash"}, "threat_synthesis": {"affected_systems": "The vulnerable product is ISC BIND 9. Versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9\u2011S1 through 9.20.20\u2011S1 are affected. Earlier releases, such as 9.18.x and the corresponding -S1 variants, are not impacted.", "description_and_impact": "Under specific conditions the DNS server named may terminate when it processes a query that contains a TKEY record and is correctly signed with TSIG. The flaw is triggered only if the request carries a valid transaction signature derived from a TSIG key defined in the configuration, leading to an unexpected crash of the daemon. This results in a denial\u2011of\u2011service impact whereby the DNS service becomes unavailable until the process is restarted.", "risk_and_exploitability": "The CVSS score of 6.5 places this issue in the medium severity range. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a valid TSIG key; therefore the attack surface is limited to environments where the server accepts authenticated queries or where a TSIG key can be compromised. An attacker with such a key can send a crafted query that will crash the server and temporarily interrupt DNS service. Disabling TSIG validation or removing unneeded TSIG keys effectively mitigates the risk."}}}}, "created": "2026-03-25T21:31:10.449801+00:00", "updated": "2026-03-25T21:31:10.449829+00:00", "vendors": []}