The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6285 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-6285-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     May 20, 2026                          https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : bind9     CVE ID         : CVE-2026-3039 CVE-2026-3592 CVE-2026-5946                      CVE-2026-5950 CVE-2026-5947 CVE-2026-3593

    Several vulnerabilities were discovered in BIND, a DNS server     implementation, which may result in denial of service.

    For the oldstable distribution (bookworm), these problems have been fixed     in version 1:9.18.49-1~deb12u1.

    For the stable distribution (trixie), these problems have been fixed in     version 1:9.20.23-1~deb13u1.

    We recommend that you upgrade your bind9 packages.

    For the detailed security status of bind9 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/bind9

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8293-1 advisory.

    Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote     attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of     service. (CVE-2026-3039)

    Shuhan Zhang discovered that Bind incorrectly handled self-pointed glue records. A remote attacker could     possibly use this issue to use Bind in denial of service amplification attacks against other systems.
    (CVE-2026-3592)

    Naresh Kandula Parmar discovered that Bind incorrectly handled memory in the DNS-over-HTTPS     implementation. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a     denial of service, or execute arbitrary code. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS.
    (CVE-2026-3593)

    It was discovered that Bind incorrectly handled DNS messages whose class was not IN. A remote attacker     could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2026-5946)

    Naoki Wakamatsu discovered that Bind incorrectly handled SIG(0) validation during a query flood. A remote     attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This     issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-5947)

    Billy Baraja discovered that Bind had an unbounded resend loop in the resolver. A remote attacker could     possibly use this issue to cause Bind to use excessive resources, leading to a denial of service.
    (CVE-2026-5950)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of bind installed on the remote host is prior to 9.18.49 / 9.20.23. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-141-01 advisory.

    New bind packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the bind security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-b626e83a45 advisory.

    # Update to 9.18.49 (rhbz#2480121)

    ## Security Fixes:

    - Limit resolver server list size. ([CVE-2026-3592](https://kb.isc.org/docs/cve-2026-3592))
    - Fix GSS-API resource leak. ([CVE-2026-3039](https://kb.isc.org/docs/cve-2026-3039))
    - Disable recursion, UPDATE, and NOTIFY for non-IN views.
    ([CVE-2026-5946](https://kb.isc.org/docs/cve-2026-5946))
    - Avoid unbounded recursion loop. ([CVE-2026-5950](https://kb.isc.org/docs/cve-2026-5950))
    - Fix outgoing zone transfers' quota issue.

    ## Feature Changes:

    - Fix CPU spikes and slow queries when cache approaches memory limit.

    ## Bug Fixes:

    - Fix named crash when processing SIG records in dynamic updates.
    - Fix rndc modzone behavior for a zone in named.conf.
    - Fix zone verification of NSEC3 signed zones.
    - Prevent a crash when using both dns64 and filter-aaaa.
    - Fixed an assertion failure when processing catalog zones.
    - Prevent malicious DNSSEC zones from exhausting validator CPU.
    - Fix rndc-confgen aborting on HMAC-SHA-384/512 keys above 512 bits.
    - Prevent crafted queries from degrading RRL performance.
    - Fix a bug in allow-query/allow-transfer catalog zone custom properties.
    - Fix a memory leak issue in catalog zones.
    - Fix suppressed missing-glue check in named-checkzone.
    - Reject record sets too large to serve in DNS.

    Source: https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html#notes-for-bind-9-18-49


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-3039 advisory.

  - BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to     excessive memory consumption when receiving and processing maliciously-constructed packets. Typically     these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS     environments. This issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0     through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and     9.20.9-S1 through 9.20.22-S1. (CVE-2026-3039)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to     excessive memory consumption when receiving and processing maliciously-constructed packets. Typically     these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS     environments. This issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0     through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and     9.20.9-S1 through 9.20.22-S1. (CVE-2026-3039)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-411248c8d9 advisory.

    # Update to 9.18.49 (rhbz#2480121)

    ## Security Fixes:

    - Limit resolver server list size. ([CVE-2026-3592](https://kb.isc.org/docs/cve-2026-3592))
    - Fix GSS-API resource leak. ([CVE-2026-3039](https://kb.isc.org/docs/cve-2026-3039))
    - Disable recursion, UPDATE, and NOTIFY for non-IN views.
    ([CVE-2026-5946](https://kb.isc.org/docs/cve-2026-5946))
    - Avoid unbounded recursion loop. ([CVE-2026-5950](https://kb.isc.org/docs/cve-2026-5950))
    - Fix outgoing zone transfers' quota issue.

    ## Feature Changes:

    - Fix CPU spikes and slow queries when cache approaches memory limit.

    ## Bug Fixes:

    - Fix named crash when processing SIG records in dynamic updates.
    - Fix rndc modzone behavior for a zone in named.conf.
    - Fix zone verification of NSEC3 signed zones.
    - Prevent a crash when using both dns64 and filter-aaaa.
    - Fixed an assertion failure when processing catalog zones.
    - Prevent malicious DNSSEC zones from exhausting validator CPU.
    - Fix rndc-confgen aborting on HMAC-SHA-384/512 keys above 512 bits.
    - Prevent crafted queries from degrading RRL performance.
    - Fix a bug in allow-query/allow-transfer catalog zone custom properties.
    - Fix a memory leak issue in catalog zones.
    - Fix suppressed missing-glue check in named-checkzone.
    - Reject record sets too large to serve in DNS.

    Source: https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html#notes-for-bind-9-18-49


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1755 advisory.

    Fix GSS-API resource leak (CVE-2026-3039)

    Limit resolver server list size (CVE-2026-3592)

    An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS     message, causing denial of service. Both authoritative servers and resolvers are affected. (CVE-2026-5946)

    Avoid unbounded recursion loop (CVE-2026-5950)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
315942	Debian dsa-6285 : bind9 - security update	Nessus	Debian Local Security Checks	5/20/2026	5/25/2026	critical
316496	Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Bind vulnerabilities (USN-8293-1)	Nessus	Ubuntu Local Security Checks	5/22/2026	5/22/2026	critical
316056	Slackware Linux 15.0 / current bind Multiple Vulnerabilities (SSA:2026-141-01)	Nessus	Slackware Local Security Checks	5/21/2026	5/25/2026	medium
316799	Fedora 43 : bind / bind-dyndb-ldap (2026-b626e83a45)	Nessus	Fedora Local Security Checks	5/26/2026	5/26/2026	high
315693	ISC BIND 9.0.0 < 9.18.49 / 9.9.3-S1 < 9.18.49-S1 / 9.18.0 < 9.18.49 / 9.18.11-S1 < 9.18.49-S1 / 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Vulnerability (cve-2026-3039)	Nessus	DNS	5/20/2026	5/26/2026	high
315758	Linux Distros Unpatched Vulnerability : CVE-2026-3039	Nessus	Misc.	5/20/2026	5/26/2026	high
316653	Fedora 44 : bind / bind-dyndb-ldap (2026-411248c8d9)	Nessus	Fedora Local Security Checks	5/25/2026	5/25/2026	high
316838	Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2026-1755)	Nessus	Amazon Linux Local Security Checks	5/26/2026	5/26/2026	high

Detections

Analytics

Plugins Search

critical

critical

medium

high

high

high

high

high