CVE-2026-3593

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BIND 9 versions 9.20.0 through 9.20.22 BIND 9 versions 9.21.0 through 9.21.21 BIND 9 versions 9.20.9-S1 through 9.20.22-S1

Description A heap use-after-free issue exists within the DNS-over-HTTPS implementation. Use-after-free occurs when an application continues to use a pointer after it has been freed, which can lead to crashes or arbitrary code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

CVE-2026-3593

ECHO-F320-5F3F-A5AC

OPENSUSE-SU-2026:10915-1

RHSA-2026:7412

USN-8293-1

Affected Products

Bind 9

Bind Server

Linuxmint

Ubuntu

CVE-2026-3593

Weakness Enumeration

Related Identifiers

Affected Products

References · 25