BIND 9 Crash via Signed TSIG TKEY Query (9.20.0 9.21.19)
CVE-2026-3119 Published on March 25, 2026
Authenticated query containing a TKEY record may cause named to terminate unexpectedly
Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Vulnerability Analysis
CVE-2026-3119 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
What is an assertion failure Vulnerability?
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
CVE-2026-3119 has been classified to as an assertion failure vulnerability or weakness.
Products Associated with CVE-2026-3119
stack.watch emails you whenever new vulnerabilities are published in ISC BIND or Canonical Ubuntu Linux. Just hit a watch button to start following.
Affected Versions
ISC BIND 9:- Version 9.20.0, <= 9.20.20 is affected.
- Version 9.21.0, <= 9.21.19 is affected.
- Version 9.20.9-S1, <= 9.20.20-S1 is affected.
- Version 9.18.0, <= 9.18.46 is unaffected.
- Version 9.18.11-S1, <= 9.18.46-S1 is unaffected.