Byte Open Security (ByteOS Network)
Vulnerability Details: CVE-2026-3592

Summary
Assigner: isc
Assigner Org ID: 404fd4d2-a609-4245-b543-2c944a302a22
Published At: 20 May, 2026 | 13:09
Updated At: 20 May, 2026 | 13:42
Rejected At: -

Amplification vulnerabilities via self-pointed glue records

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

EPSS History
Score: N/A (no data available for selected date range)
Percentile: N/A (no data available for selected date range)
Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)

Affected Products
Vendor: Internet Systems Consortium, Inc. (ISC)
Product: BIND 9
Default Status: unaffected
Affected versions:
  • From 9.11.0 through 9.16.50 (custom)
  • From 9.18.0 through 9.18.48 (custom)
  • From 9.20.0 through 9.20.22 (custom)
  • From 9.21.0 through 9.21.21 (custom)
  • From 9.11.3-S1 through 9.16.50-S1 (custom)
  • From 9.18.11-S1 through 9.18.48-S1 (custom)
  • From 9.20.9-S1 through 9.20.22-S1 (custom)
Problem Types
Type: CWE
CWE ID: CWE-408
Description: CWE-408 Incorrect Behavior Order - Early Amplification
Metrics
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC ID: N/A
Description: An attacker may be able to cause the resolver to consume disproportionate amounts of bandwidth in the attempt to resolve the name. Impairment of TCP may also be seen. The issue predominately affects recursive resolvers. Authoritative-only servers containing only trustworthy zones and names should be unaffected. If an authoritative server can be induced to look up an attack domain (e.g., if loading a zone from an untrusted source), it may be possible to trigger the issue.
Solutions

Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.49, 9.20.23, 9.21.22, 9.18.49-S1, or 9.20.23-S1.

Workarounds

No workarounds known.

Exploits

We are not aware of any active exploits.

Credits

ISC would like to thank Shuhan Zhang from Tsinghua University for bringing this vulnerability to our attention.
References
  • https://kb.isc.org/docs/cve-2026-3592 (vendor-advisory)
  • https://downloads.isc.org/isc/bind9/9.18.49 (patch)
  • https://downloads.isc.org/isc/bind9/9.20.23 (patch)
  • https://downloads.isc.org/isc/bind9/9.21.22 (patch)
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment: Information is not available yet
National Vulnerability Database (NVD)
nvd.nist.gov
Source: security-officer@isc.org
Published At: 20 May, 2026 | 13:16
Updated At: 20 May, 2026 | 14:04

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Weaknesses
CWE ID: CWE-408
Type: Secondary
Source: security-officer@isc.org
References
  • https://downloads.isc.org/isc/bind9/9.18.49 (source: security-officer@isc.org; resource: N/A)
  • https://downloads.isc.org/isc/bind9/9.20.23 (source: security-officer@isc.org; resource: N/A)
  • https://downloads.isc.org/isc/bind9/9.21.22 (source: security-officer@isc.org; resource: N/A)
  • https://kb.isc.org/docs/cve-2026-3592 (source: security-officer@isc.org; resource: N/A)

Change History (0)
Information is not available yet

Similar CVEs

7 records found

CVE-2022-0396
Matching Score: 8
Assigner: Internet Systems Consortium (ISC)
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.11% / 29.52% (7-day change: ~0.00%)
Published: 23 Mar, 2022 | 10:45
Updated: 16 Sep, 2024 | 19:05
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
DoS from specifically crafted TCP packets

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

Action: Not Available
Vendors: Internet Systems Consortium, Inc.; NetApp, Inc.; Siemens AG; Fedora Project
Products: h300e, sinec_ins, h500s, h300s_firmware, h410c_firmware, h410s, h300s, h300e_firmware, h500e, h410s_firmware, fedora, h500s_firmware, h500e_firmware, h700s_firmware, h700e, bind, h410c, h700e_firmware, h700s, BIND
CWE ID: CWE-404 Improper Resource Shutdown or Release
CVE-2026-5950
Matching Score: 8
Assigner: Internet Systems Consortium (ISC)
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.14% / 34.35% (7-day change: +0.07%)
Published: 20 May, 2026 | 13:10
Updated: 20 May, 2026 | 14:04
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Unbounded resend loop in BIND 9 resolver

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 through 9.18.48, 9.20.8 through 9.20.22, 9.21.7 through 9.21.21, 9.18.36-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

Action: Not Available
Vendor: Internet Systems Consortium, Inc.
Product: BIND 9
CWE ID: CWE-606 Unchecked Input for Loop Condition
CVE-2021-25219
Matching Score: 8
Assigner: Internet Systems Consortium (ISC)
CVSS Score: 5.3 (MEDIUM)
EPSS: 1.04% / 77.71% (7-day change: ~0.00%)
Published: 27 Oct, 2021 | 21:10
Updated: 16 Sep, 2024 | 17:33
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Lame cache can be abused to severely degrade resolver performance

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

Action: Not Available
Vendors: Internet Systems Consortium, Inc.; Debian GNU/Linux; NetApp, Inc.; Oracle Corporation; Siemens AG; Fedora Project
Products: h300e, h500s, cloud_backup, h300s_firmware, h410c_firmware, h410s, h300s, h300e_firmware, sinec_infrastructure_network_services, http_server, debian_linux, h500e, h410s_firmware, fedora, h500s_firmware, h500e_firmware, zfs_storage_appliance_kit, h700s_firmware, h700e, bind, h410c, h700e_firmware, h700s, BIND9
CVE-2022-2795
Matching Score: 8
Assigner: Internet Systems Consortium (ISC)
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.48% / 65.56% (7-day change: ~0.00%)
Published: 21 Sep, 2022 | 10:15
Updated: 29 Nov, 2024 | 12:15
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Processing large delegations may severely degrade resolver performance

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

Action: Not Available
Vendors: Debian GNU/Linux; Fedora Project; Internet Systems Consortium, Inc.
Products: bind, debian_linux, fedora, BIND9, bind
CVE-2023-5680
Matching Score: 8
Assigner: Internet Systems Consortium (ISC)
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.10% / 28.17% (7-day change: ~0.00%)
Published: 13 Feb, 2024 | 14:05
Updated: 17 Mar, 2025 | 15:04
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Cleaning an ECS-enabled cache may cause excessive CPU load

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Action: Not Available
Vendors: NetApp, Inc.; Internet Systems Consortium, Inc.
Products: bind, active_iq_unified_manager, BIND 9
CVE-2026-41331
Matching Score: 4
Assigner: VulnCheck
CVSS Score: 6.9 (MEDIUM)
EPSS: 0.06% / 17.66% (7-day change: ~0.00%)
Published: 20 Apr, 2026 | 23:08
Updated: 27 Apr, 2026 | 15:08
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
OpenClaw < 2026.3.31 - Resource Consumption via Unauthorized Telegram Audio Preflight Transcription

OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing consumption by initiating audio preflight operations before authorization checks are applied.

Action: Not Available
Vendor: OpenClaw
Products: openclaw, OpenClaw
CWE ID: CWE-408 Incorrect Behavior Order: Early Amplification
CVE-2026-41374
Matching Score: 4
Assigner: VulnCheck
CVSS Score: 6.9 (MEDIUM)
EPSS: 0.07% / 22.61% (7-day change: ~0.00%)
Published: 28 Apr, 2026 | 18:09
Updated: 30 Apr, 2026 | 13:19
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
OpenClaw < 2026.3.31 - Resource Consumption via Discord Audio Preflight Before Member Authorization

OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing without member allowlist validation to cause resource exhaustion.

Action: Not Available
Vendor: OpenClaw
Products: openclaw, OpenClaw
CWE ID: CWE-408 Incorrect Behavior Order: Early Amplification