CVE-2026-3039

Name of the Vulnerable Software and Affected Versions BIND 9 versions 9.0.0 through 9.16.50 BIND 9 versions 9.18.0 through 9.18.48 BIND 9 versions 9.20.0 through 9.20.22 BIND 9 versions 9.21.0 through 9.21.21 BIND 9 versions 9.9.3-S1 through 9.16.50-S1 BIND 9 versions 9.18.11-S1 through 9.18.48-S1 BIND 9 versions 9.20.9-S1 through 9.20.22-S1

Description Servers configured to use TKEY-based authentication via GSS-API tokens are subject to excessive memory consumption when processing maliciously-constructed packets. This issue typically occurs in Kerberos-secured DNS environments or Active Directory integrated DNS deployments during GSS-API TKEY negotiation.

Recommendations Update versions 9.0.0 through 9.16.50 to a version newer than 9.16.50. Update versions 9.18.0 through 9.18.48 to a version newer than 9.18.48. Update versions 9.20.0 through 9.20.22 to a version newer than 9.20.22. Update versions 9.21.0 through 9.21.21 to a version newer than 9.21.21. Update versions 9.9.3-S1 through 9.16.50-S1 to a version newer than 9.16.50-S1. Update versions 9.18.11-S1 through 9.18.48-S1 to a version newer than 9.18.48-S1. Update versions 9.20.9-S1 through 9.20.22-S1 to a version newer than 9.20.22-S1.