{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-5946","assignerOrgId":"404fd4d2-a609-4245-b543-2c944a302a22","state":"PUBLISHED","assignerShortName":"isc","dateReserved":"2026-04-09T06:40:07.319Z","datePublished":"2026-05-20T13:10:03.479Z","dateUpdated":"2026-06-30T12:11:12.136Z"},"containers":{"cna":{"providerMetadata":{"orgId":"404fd4d2-a609-4245-b543-2c944a302a22","shortName":"isc","dateUpdated":"2026-05-20T13:10:03.479Z"},"title":"Invalid handling of CLASS != IN","datePublic":"2026-05-20T00:00:00.000Z","affected":[{"vendor":"ISC","product":"BIND 9","versions":[{"version":"9.11.0","lessThanOrEqual":"9.16.50","status":"affected","versionType":"custom"},{"version":"9.18.0","lessThanOrEqual":"9.18.48","status":"affected","versionType":"custom"},{"version":"9.20.0","lessThanOrEqual":"9.20.22","status":"affected","versionType":"custom"},{"version":"9.21.0","lessThanOrEqual":"9.21.21","status":"affected","versionType":"custom"},{"version":"9.11.3-S1","lessThanOrEqual":"9.16.50-S1","status":"affected","versionType":"custom"},{"version":"9.18.11-S1","lessThanOrEqual":"9.18.48-S1","status":"affected","versionType":"custom"},{"version":"9.20.9-S1","lessThanOrEqual":"9.20.22-S1","status":"affected","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"nodes":[{"operator":"OR","cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.11.0","versionEndIncluding":"9.16.50"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.18.0","versionEndIncluding":"9.18.48"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.20.0","versionEndIncluding":"9.20.22"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.21.0","versionEndIncluding":"9.21.21"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.11.3-S1","versionEndIncluding":"9.16.50-S1"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.18.11-S1","versionEndIncluding":"9.18.48-S1"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.20.9-S1","versionEndIncluding":"9.20.22-S1"}]}]}],"metrics":[{"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-20","description":"CWE-20 Improper Input Validation"},{"lang":"en","type":"CWE","cweId":"CWE-125","description":"CWE-125 Out-of-bounds Read"},{"lang":"en","type":"CWE","cweId":"CWE-617","description":"CWE-617 Reachable Assertion"},{"lang":"en","type":"CWE","cweId":"CWE-754","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions"},{"lang":"en","type":"CWE","cweId":"CWE-843","description":"CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')"}]}],"descriptions":[{"lang":"en","value":"Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1."}],"impacts":[{"descriptions":[{"lang":"en","value":"An attacker able to send specially crafted DNS messages to an affected `named` instance can cause it to terminate unexpectedly, resulting in a denial of service."}]}],"workarounds":[{"lang":"en","value":"Don't configure zones other than Internet (`IN`) class. Furthermore, do not expose the server that allows DNS Dynamic Update to the general Internet."}],"exploits":[{"lang":"en","value":"We are not aware of any active exploits."}],"solutions":[{"lang":"en","value":"Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.49, 9.20.23, 9.21.22, 9.18.49-S1, or 9.20.23-S1."}],"credits":[{"lang":"en","value":"ISC would like to thank Mcsky23 for bringing this vulnerability to our attention."}],"references":[{"url":"https://kb.isc.org/docs/cve-2026-5946","name":"CVE-2026-5946","tags":["vendor-advisory"]},{"url":"https://downloads.isc.org/isc/bind9/9.18.49","tags":["patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.20.23","tags":["patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.21.22","tags":["patch"]}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-20T13:40:04.619504Z","id":"CVE-2026-5946","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-20T13:40:20.966Z"}},{"affected":[{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::crb"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CRB (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::crb"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:hummingbird:1"],"defaultStatus":"affected","product":"Red Hat Hardened Images","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"}],"datePublic":"2026-05-21T12:32:55.602Z","descriptions":[{"lang":"en","value":"A flaw was found in the bind component, specifically within the `named` daemon. This vulnerability allows a remote attacker to send specially crafted Domain Name System (DNS) messages. These messages, which use unusual classes or meta-classes, can trigger assertion failures in the `named` daemon when processed. Successful exploitation leads to an application level Denial of Service (DoS), making the DNS service unavailable."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1287","description":"Improper Validation of Specified Type of Input","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-5946"},{"name":"RHBZ#2479771","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479771"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5946.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24338"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24339"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23360"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24367"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24368"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:20334"}],"solutions":[{"lang":"en","value":"RHSA-2026:24338: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"},{"lang":"en","value":"RHSA-2026:24339: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)"},{"lang":"en","value":"RHSA-2026:23360: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"},{"lang":"en","value":"RHSA-2026:24367: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"},{"lang":"en","value":"RHSA-2026:24368: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"},{"lang":"en","value":"RHSA-2026:20334: Red Hat Hardened Images"}],"timeline":[{"lang":"en","time":"2026-05-19T09:57:49.705Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-21T12:32:55.602Z","value":"Made public."}],"title":"bind: BIND: Denial of Service via specially crafted DNS messages","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:11:12.136Z"}}]}}