BIND9 9.20.0-9.21.21/use-after-free via SIG(0) race during recursiveclient limit
CVE-2026-5947 Published on May 20, 2026
SIG(0) validation during query flood may lead to undefined behavior
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.
Vulnerability Analysis
CVE-2026-5947 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Types
What is a Race Condition Vulnerability?
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CVE-2026-5947 has been classified to as a Race Condition vulnerability or weakness.
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2026-5947 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2026-5947
Want to know whenever a new CVE is published for ISC BIND? stack.watch will email you.
Affected Versions
ISC BIND 9:- Version 9.20.0, <= 9.20.22 is affected.
- Version 9.21.0, <= 9.21.21 is affected.
- Version 9.20.9-S1, <= 9.20.22-S1 is affected.
- Version 9.18.28, <= 9.18.49 is unaffected.
- Version 9.18.28-S1, <= 9.18.49-S1 is unaffected.