CVE-2026-1519

{"id": "CVE-2026-1519", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-officer@isc.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-25T14:16:33.110", "references": [{"url": "https://downloads.isc.org/isc/bind9/9.18.47", "tags": ["Patch"], "source": "security-officer@isc.org"}, {"url": "https://downloads.isc.org/isc/bind9/9.20.21", "tags": ["Patch"], "source": "security-officer@isc.org"}, {"url": "https://downloads.isc.org/isc/bind9/9.21.20", "tags": ["Patch"], "source": "security-officer@isc.org"}, {"url": "https://kb.isc.org/docs/cve-2026-1519", "tags": ["Vendor Advisory"], "source": "security-officer@isc.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00008.html", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-officer@isc.org", "description": [{"lang": "en", "value": "CWE-606"}]}], "descriptions": [{"lang": "en", "value": "If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1."}, {"lang": "es", "value": "Si un resolvedor BIND est\u00e1 realizando validaci\u00f3n DNSSEC y encuentra una zona creada maliciosamente, el resolvedor puede consumir CPU excesiva. Los servidores solo autoritativos generalmente no se ven afectados, aunque hay circunstancias en las que los servidores autoritativos pueden realizar consultas recursivas (ver: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).\nEste problema afecta a las versiones de BIND 9 9.11.0 a 9.16.50, 9.18.0 a 9.18.46, 9.20.0 a 9.20.20, 9.21.0 a 9.21.19, 9.11.3-S1 a 9.16.50-S1, 9.18.11-S1 a 9.18.46-S1, y 9.20.9-S1 a 9.20.20-S1."}], "lastModified": "2026-05-21T15:24:01.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "9EC5B9B1-25F2-48CA-9E8A-59D8E81D408A", "versionEndIncluding": "9.16.50", "versionStartIncluding": "9.11.0"}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "4DC8EC77-8200-45EC-B006-73E48A67A1B8", "versionEndExcluding": "9.18.47", "versionStartIncluding": "9.18.0"}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "2C0EF5D0-68A6-4E00-985B-523D9B243E49", "versionEndExcluding": "9.20.21", "versionStartIncluding": "9.20.0"}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "B1DD0950-5CBD-49B2-8007-5E96B3C4FB1B", "versionEndExcluding": "9.21.20", "versionStartIncluding": "9.21.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-officer@isc.org"}