BIND DNS Server Allows Malicious Data Injection

OESA-2026-1601
Summary

A security update is available for a flaw in BIND DNS servers that an attacker can exploit to inject fake data into the server's cache. This can lead to DNS resolution errors and potentially disrupt network communication. Update to the latest version of BIND to mitigate this issue.

What to do
  • Update dhcp to version 4.4.3-11.oe2203sp4.
Affected software
Vendor | Product | Affected versions | Fix available
– | dhcp | <= 4.4.3-11.oe2203sp4 | 4.4.3-11.oe2203sp4
Original title
dhcp security update
Original description
The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks.

Security Fix(es):

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. (CVE-2025-40778)
Published: 15 Mar 2026 · Updated: 15 Mar 2026 · First seen: 15 Mar 2026
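
The affected BIND 9 ranges listed above can be checked mechanically during triage. The following is an added example, not part of the original advisory or of any vendor tooling: the function names are hypothetical, the sample banners are constructed in the style of `named -v` output, and any `-S<n>` build is assumed to compare against the `-S1` ranges by its numeric part only.

```python
import re

# Inclusive ranges copied from the advisory text for CVE-2025-40778.
OPEN_SOURCE_RANGES = [
    ("9.11.0", "9.16.50"),
    ("9.18.0", "9.18.39"),
    ("9.20.0", "9.20.13"),
    ("9.21.0", "9.21.12"),
]
# Ranges the advisory lists with an -S1 suffix (Supported Preview Edition).
PREVIEW_RANGES = [
    ("9.11.3", "9.16.50"),
    ("9.18.11", "9.18.39"),
    ("9.20.9", "9.20.13"),
]

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(-S\d+)?")


def _key(version):
    """Turn '9.18.39' into (9, 18, 39) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def parse_version(text):
    """Return ((major, minor, patch), is_preview) from a version banner."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no BIND version found in {text!r}")
    numbers = tuple(int(match.group(i)) for i in (1, 2, 3))
    return numbers, match.group(4) is not None


def is_listed_as_affected(text):
    """True if the version falls inside a range listed in the advisory."""
    numbers, is_preview = parse_version(text)
    # Assumption: an -S<n> build is matched against the -S1 ranges only.
    ranges = PREVIEW_RANGES if is_preview else OPEN_SOURCE_RANGES
    return any(_key(low) <= numbers <= _key(high) for low, high in ranges)


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    for banner in ("BIND 9.18.39 (Extended Support Version) <id:constructed>",
                   "BIND 9.18.40 (Extended Support Version) <id:constructed>",
                   "BIND 9.18.10-S1 (Extended Support Version) <id:constructed>"):
        print(banner, "->", is_listed_as_affected(banner))
```

Distribution packages often backport fixes without changing the upstream version string, so a match here is a prompt to compare the installed package release against the fixed release listed under "Affected software", not proof of exposure.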