SecuriTricks - CVE-2026-3591

Description

A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Product(s) Impacted

Vendor	Product	Versions
Isc	Bind	9.20.0-9.20.20, 9.21.0-9.21.19, 9.20.9-S1-9.20.20-S1

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-305

Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	isc	bind	9.20.0-9.20.20	/	/	/	/	/	/	/
a	isc	bind	9.21.0-9.21.19	/	/	/	/	/	/	/
a	isc	bind	9.20.9-S1-9.20.20-S1	/	/	/	/	/	/	/

References

https://downloads.isc.org/isc/bind9/9.20.21

https://downloads.isc.org/isc/bind9/9.21.20

https://kb.isc.org/docs/cve-2026-3591

CVSS Score

5.4 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

View Vector String

Timeline

Published: March 25, 2026, 2:16 p.m.
Last Modified: March 25, 2026, 3:41 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-3591