{"api_version":"1","generated_at":"2026-06-02T01:09:01+00:00","cve":"CVE-2026-3039","urls":{"html":"https://cve.report/CVE-2026-3039","api":"https://cve.report/api/cve/CVE-2026-3039.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-3039","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-3039"},"summary":{"title":"BIND 9 server memory exhaustion during GSS-API TKEY negotiation","description":"BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets.  Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.","state":"PUBLISHED","assigner":"isc","published_at":"2026-05-20 13:16:23","updated_at":"2026-05-21 15:24:27"},"problem_types":["CWE-771","CWE-771 CWE-771 Missing Reference to Active Allocated Resource"],"metrics":[{"version":"3.1","source":"security-officer@isc.org","type":"Primary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"references":[{"url":"https://downloads.isc.org/isc/bind9/9.21.22","name":"https://downloads.isc.org/isc/bind9/9.21.22","refsource":"security-officer@isc.org","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://kb.isc.org/docs/cve-2026-3039","name":"https://kb.isc.org/docs/cve-2026-3039","refsource":"security-officer@isc.org","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://downloads.isc.org/isc/bind9/9.20.23","name":"https://downloads.isc.org/isc/bind9/9.20.23","refsource":"security-officer@isc.org","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://downloads.isc.org/isc/bind9/9.18.49","name":"https://downloads.isc.org/isc/bind9/9.18.49","refsource":"security-officer@isc.org","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-3039","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3039","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"ISC","product":"BIND 9","version":"affected 9.0.0 9.16.50 custom","platforms":[]},{"source":"CNA","vendor":"ISC","product":"BIND 9","version":"affected 9.18.0 9.18.48 custom","platforms":[]},{"source":"CNA","vendor":"ISC","product":"BIND 9","version":"affected 9.20.0 9.20.22 custom","platforms":[]},{"source":"CNA","vendor":"ISC","product":"BIND 9","version":"affected 9.21.0 9.21.21 custom","platforms":[]},{"source":"CNA","vendor":"ISC","product":"BIND 9","version":"affected 9.9.3-S1 9.16.50-S1 custom","platforms":[]},{"source":"CNA","vendor":"ISC","product":"BIND 9","version":"affected 9.18.11-S1 9.18.48-S1 custom","platforms":[]},{"source":"CNA","vendor":"ISC","product":"BIND 9","version":"affected 9.20.9-S1 9.20.22-S1 custom","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.49, 9.20.23, 9.21.22, 9.18.49-S1, or 9.20.23-S1.","time":"","lang":"en"}],"workarounds":[{"source":"CNA","title":"","value":"No workarounds known.","time":"","lang":"en"}],"exploits":[{"source":"CNA","title":"","value":"We are not aware of any active exploits.","time":"","lang":"en"}],"credits":[{"source":"CNA","value":"ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention.","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"3039","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"bind","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"3039","vulnerable":"1","versionEndIncluding":"9.16.50","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"bind","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"3039","cve":"CVE-2026-3039","epss":"0.000600000","percentile":"0.187840000","score_date":"2026-05-27","updated_at":"2026-05-28 00:02:14"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-3039","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-20T13:42:49.621351Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-20T13:43:00.275Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"BIND 9","vendor":"ISC","versions":[{"lessThanOrEqual":"9.16.50","status":"affected","version":"9.0.0","versionType":"custom"},{"lessThanOrEqual":"9.18.48","status":"affected","version":"9.18.0","versionType":"custom"},{"lessThanOrEqual":"9.20.22","status":"affected","version":"9.20.0","versionType":"custom"},{"lessThanOrEqual":"9.21.21","status":"affected","version":"9.21.0","versionType":"custom"},{"lessThanOrEqual":"9.16.50-S1","status":"affected","version":"9.9.3-S1","versionType":"custom"},{"lessThanOrEqual":"9.18.48-S1","status":"affected","version":"9.18.11-S1","versionType":"custom"},{"lessThanOrEqual":"9.20.22-S1","status":"affected","version":"9.20.9-S1","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionEndIncluding":"9.16.50","versionStartIncluding":"9.0.0","vulnerable":true},{"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionEndIncluding":"9.18.48","versionStartIncluding":"9.18.0","vulnerable":true},{"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionEndIncluding":"9.20.22","versionStartIncluding":"9.20.0","vulnerable":true},{"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionEndIncluding":"9.21.21","versionStartIncluding":"9.21.0","vulnerable":true},{"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionEndIncluding":"9.16.50-S1","versionStartIncluding":"9.9.3-S1","vulnerable":true},{"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionEndIncluding":"9.18.48-S1","versionStartIncluding":"9.18.11-S1","vulnerable":true},{"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionEndIncluding":"9.20.22-S1","versionStartIncluding":"9.20.9-S1","vulnerable":true}],"operator":"OR"}]}],"credits":[{"lang":"en","value":"ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention."}],"datePublic":"2026-05-20T00:00:00.000Z","descriptions":[{"lang":"en","value":"BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets.  Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1."}],"exploits":[{"lang":"en","value":"We are not aware of any active exploits."}],"impacts":[{"descriptions":[{"lang":"en","value":"An attacker can construct and send packets to a BIND server that will cause it to allocate memory that is not subsequently released.  Depending on the volume and frequency of the packets received, named will eventually fail due to memory exhaustion."}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-771","description":"CWE-771 Missing Reference to Active Allocated Resource","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-20T13:09:04.126Z","orgId":"404fd4d2-a609-4245-b543-2c944a302a22","shortName":"isc"},"references":[{"name":"CVE-2026-3039","tags":["vendor-advisory"],"url":"https://kb.isc.org/docs/cve-2026-3039"},{"tags":["patch"],"url":"https://downloads.isc.org/isc/bind9/9.18.49"},{"tags":["patch"],"url":"https://downloads.isc.org/isc/bind9/9.20.23"},{"tags":["patch"],"url":"https://downloads.isc.org/isc/bind9/9.21.22"}],"solutions":[{"lang":"en","value":"Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.49, 9.20.23, 9.21.22, 9.18.49-S1, or 9.20.23-S1."}],"source":{"discovery":"EXTERNAL"},"title":"BIND 9 server memory exhaustion during GSS-API TKEY negotiation","workarounds":[{"lang":"en","value":"No workarounds known."}],"x_generator":{"engine":"cvelib 1.8.0"}}},"cveMetadata":{"assignerOrgId":"404fd4d2-a609-4245-b543-2c944a302a22","assignerShortName":"isc","cveId":"CVE-2026-3039","datePublished":"2026-05-20T13:09:04.126Z","dateReserved":"2026-02-23T16:28:45.411Z","dateUpdated":"2026-05-20T13:43:00.275Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-20 13:16:23","lastModifiedDate":"2026-05-21 15:24:27","problem_types":["CWE-771","CWE-771 CWE-771 Missing Reference to Active Allocated Resource"],"metrics":{"cvssMetricV31":[{"source":"security-officer@isc.org","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.0.0","versionEndIncluding":"9.16.50","matchCriteriaId":"8C7AB360-9A41-4E0A-B02A-27E3F7F5AB7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.18.0","versionEndExcluding":"9.18.49","matchCriteriaId":"49533F8C-D7B5-450A-8808-7E1C76F4FAE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.20.0","versionEndExcluding":"9.20.23","matchCriteriaId":"D92461F1-BA01-479E-B740-38855CC216E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*","versionStartIncluding":"9.21.0","versionEndExcluding":"9.21.22","matchCriteriaId":"B254E8E7-3F57-4552-ACBF-623FA481B697"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"3039","Ordinal":"1","Title":"BIND 9 server memory exhaustion during GSS-API TKEY negotiation","CVE":"CVE-2026-3039","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"3039","Ordinal":"1","NoteData":"BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets.  Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.","Type":"Description","Title":"BIND 9 server memory exhaustion during GSS-API TKEY negotiation"}]}}}