A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-bcc66a29da advisory.

    # Update to 9.21.20 (rhbz#2440560)

    ## Security Fixes:

    - Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations.
    ([CVE-2026-1519](https://kb.isc.org/docs/cve-2026-1519))
    - Fix memory leaks in code preparing DNSSEC proofs of non-existence.
    ([CVE-2026-3104](https://kb.isc.org/docs/cve-2026-3104))
    - Prevent a crash in code processing queries containing a TKEY record.
    ([CVE-2026-3119](https://kb.isc.org/docs/cve-2026-3119))
    - Fix a stack use-after-return flaw in SIG(0) handling code.
    ([CVE-2026-3591](https://kb.isc.org/docs/cve-2026-3591))

    ## New Features:

    - Provide response round-trip time (RTT) counters via statistics channel.
    - Introduce max-delegation-servers configuration option.

    ## Bug Fixes:

    - Fix parsing key inactivation time in KASP code.
    - Fix the handling of key statements defined inside views.

    # Update to 9.21.19

    ## Security Fixes:

    - Fix a use-after-free error in dns_client_resolve() triggered by a DNAME response.
    - Fix a NULL pointer dereference in qp-trie cache code.
    - Immediately remove purged ADB names and entries from the SIEVE list.

    ## Feature Changes:

    - Record query time for all dnstap responses.
    - Optimize TCP source port selection on Linux.

    and multiple bug fixes.

    # Update to 9.21.18

    ## Feature Changes:

    - Enable minimal ANY answers by default.
    - Lowercase the NSEC Next Domain Name field.
    - Update requirements for system test suite.

    ## Bug Fixes:

    - Make catalog zone names and member zones' entry names case-insensitive. [GL #5693]
    - Fix implementation of BRID and HHIT record types. [GL #5710]
    - Fix implementation of DSYNC record type. [GL #5711]
    - Fix response policy and catalog zones to work with $INCLUDE directive.

    Source: https://downloads.isc.org/isc/bind9/9.21.20/doc/arm/html/notes.html#notes-for-bind-9-21-20



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a6efefa854 advisory.

    # Update to 9.21.20 (rhbz#2440560)

    ## Security Fixes:

    - Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations.
    ([CVE-2026-1519](https://kb.isc.org/docs/cve-2026-1519))
    - Fix memory leaks in code preparing DNSSEC proofs of non-existence.
    ([CVE-2026-3104](https://kb.isc.org/docs/cve-2026-3104))
    - Prevent a crash in code processing queries containing a TKEY record.
    ([CVE-2026-3119](https://kb.isc.org/docs/cve-2026-3119))
    - Fix a stack use-after-return flaw in SIG(0) handling code.
    ([CVE-2026-3591](https://kb.isc.org/docs/cve-2026-3591))

    ## New Features:

    - Provide response round-trip time (RTT) counters via statistics channel.
    - Introduce max-delegation-servers configuration option.

    ## Bug Fixes:

    - Fix parsing key inactivation time in KASP code.
    - Fix the handling of key statements defined inside views.

    # Update to 9.21.19

    ## Security Fixes:

    - Fix a use-after-free error in dns_client_resolve() triggered by a DNAME response.
    - Fix a NULL pointer dereference in qp-trie cache code.
    - Immediately remove purged ADB names and entries from the SIEVE list.

    ## Feature Changes:

    - Record query time for all dnstap responses.
    - Optimize TCP source port selection on Linux.

    and multiple bug fixes.

    # Update to 9.21.18

    ## Feature Changes:

    - Enable minimal ANY answers by default.
    - Lowercase the NSEC Next Domain Name field.
    - Update requirements for system test suite.

    ## Bug Fixes:

    - Make catalog zone names and member zones' entry names case-insensitive. [GL #5693]
    - Fix implementation of BRID and HHIT record types. [GL #5710]
    - Fix implementation of DSYNC record type. [GL #5711]
    - Fix response policy and catalog zones to work with $INCLUDE directive.

    Source: https://downloads.isc.org/isc/bind9/9.21.20/doc/arm/html/notes.html#notes-for-bind-9-21-20


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6181 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-6181-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     March 27, 2026                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : bind9     CVE ID         : CVE-2026-1519 CVE-2026-3104 CVE-2026-3119 CVE-2026-3591

    Several vulnerabilities were discovered in BIND, a DNS server     implementation, which may result in bypass of ACL restrictions or denial     of service.

    For the oldstable distribution (bookworm), these problems have been     fixed in version 1:9.18.47-1~deb12u1. The oldstable distribution is only     affected by CVE-2026-1519.

    For the stable distribution (trixie), these problems have been fixed in     version 1:9.20.21-1~deb13u1.

    We recommend that you upgrade your bind9 packages.

    For the detailed security status of bind9 please refer to its security     tracker page at:
    https://security-tracker.debian.org/tracker/bind9

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8124-1 advisory.

    Samy Medjahed discovered that Bind incorrectly handled insecure delegation validation. A remote attacker     could possibly use this issue to cause excessive NSEC3 iterations, consuming CPU resources, and leading to     a denial of service. (CVE-2026-1519)

    Vitaly Simonovich discovered that Bind incorrectly handled memory when preparing DNSSEC proofs of non-     existence. A remote attacker could possibly use this issue to cause memory consumption, leading to a     denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-3104)

    Vitaly Simonovich discovered that Bind incorrectly handled authenticated queries containing TKEY records.
    A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
    This issue only affected Ubuntu 25.10. (CVE-2026-3119)

    It was discovered that Bind incorrectly handled DNS queries signed with SIG(0). A remote attacker could     possibly use this issue to bypass ACLs. This issue only affected Ubuntu 25.10. (CVE-2026-3591)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this     domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1     through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT     affected. (CVE-2026-3104)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-3104 advisory.

  - A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this     domain.If a BIND resolver is asked to query a specially crafted domain, memory will not be recovered by     named . This can cause unbounded growth of Resident Set Size (RSS) memory, which may lead to an out-of-     memory condition. Additionally,  named  will exit with an assertion failure if a shutdown or reload is     attempted.         -  Authoritative services are believed to be unaffected by this vulnerability but it is     important to read: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries
    -  Resolvers are affected by this vulnerability.  Authoritative services are believed to be unaffected by     this vulnerability but it is important to read:  https://kb.isc.org/docs/why-does-my-authoritative-server-     make-recursive-queries Resolvers are affected by this vulnerability. (CVE-2026-3104)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
304939	Fedora 42 : bind9-next (2026-bcc66a29da)	Nessus	Fedora Local Security Checks	high
304848	Fedora 43 : bind9-next (2026-a6efefa854)	Nessus	Fedora Local Security Checks	high
304021	Debian dsa-6181 : bind9 - security update	Nessus	Debian Local Security Checks	high
304016	Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Bind vulnerabilities (USN-8124-1)	Nessus	Ubuntu Local Security Checks	high
303722	Linux Distros Unpatched Vulnerability : CVE-2026-3104	Nessus	Misc.	high
303597	ISC BIND 9.20.0 < 9.20.21 / 9.20.9-S1 < 9.20.21-S1 / 9.21.0 < 9.21.20 Assertion Failure (cve-2026-3104)	Nessus	DNS	high

Detections

Analytics

CVE-2026-3104

high

Tenable Plugins

high

high

high

high

high

high