{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/bind-9-9.21.0-through-9.21.21/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.4,"id":"CVE-2026-3593"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["BIND 9 (9.20.0 through 9.20.22)","BIND 9 (9.21.0 through 9.21.21)","BIND 9 (9.20.9-S1 through 9.20.22-S1)"],"_cs_severities":["high"],"_cs_tags":["cve","dns","use-after-free","denial-of-service","remote-code-execution"],"_cs_type":"threat","_cs_vendors":["Internet Systems Consortium (ISC)"],"content_html":"\u003cp\u003eCVE-2026-3593 describes a use-after-free vulnerability residing within the DNS-over-HTTPS (DoH) implementation of BIND 9. This flaw affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. Successful exploitation of this vulnerability could lead to a denial-of-service condition, where the BIND 9 server becomes unresponsive, or potentially allow an attacker to execute arbitrary code on the affected system. This vulnerability poses a significant risk to organizations relying on BIND 9 for DNS services, potentially disrupting network operations and compromising system integrity. Note that BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker sends a specially crafted DNS-over-HTTPS request to a vulnerable BIND 9 server.\u003c/li\u003e\n\u003cli\u003eThe BIND 9 server attempts to process the malicious DoH request.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability, the server accesses a memory location that has already been freed.\u003c/li\u003e\n\u003cli\u003eThis use-after-free condition leads to memory corruption within the BIND 9 process.\u003c/li\u003e\n\u003cli\u003eThe memory corruption can cause the server to crash, resulting in a denial-of-service.\u003c/li\u003e\n\u003cli\u003eIn a more sophisticated attack, the attacker might be able to manipulate the memory corruption to execute arbitrary code.\u003c/li\u003e\n\u003cli\u003eSuccessful code execution allows the attacker to gain control over the BIND 9 server.\u003c/li\u003e\n\u003cli\u003eThe attacker can then use the compromised server to launch further attacks or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-3593 can result in a denial-of-service condition for affected BIND 9 servers, disrupting DNS resolution services for dependent networks and applications. In a more severe scenario, the vulnerability could be leveraged to achieve arbitrary code execution, allowing attackers to gain control over the BIND 9 server and potentially compromise the entire network infrastructure. The impact will vary depending on the criticality of the affected BIND 9 servers within the organization\u0026rsquo;s infrastructure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to BIND 9 versions 9.20.23 or 9.21.22 to remediate CVE-2026-3593, as recommended by the Internet Systems Consortium (ISC) advisory (\u003ca href=\"https://kb.isc.org/docs/cve-2026-3593\"\u003ehttps://kb.isc.org/docs/cve-2026-3593\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual DNS-over-HTTPS requests that may indicate exploitation attempts, using a network intrusion detection system (NIDS).\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule detecting unusual process execution originating from named, indicating potential exploitation attempts of CVE-2026-3593.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-20T13:19:04Z","date_published":"2026-05-20T13:19:04Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-3593/","summary":"A use-after-free vulnerability in the DNS-over-HTTPS implementation of BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1 could allow an attacker to cause a denial of service or potentially execute arbitrary code.","title":"CVE-2026-3593 Use-After-Free Vulnerability in BIND 9 DNS-over-HTTPS","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-3593/"}],"language":"en","title":"CraftedSignal Threat Feed — BIND 9 (9.21.0 Through 9.21.21)","version":"https://jsonfeed.org/version/1.1"}