Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
BIND DNS Server Can Crash with Malicious DNS Data
RLSA-2026:8312
Summary
A security update is available for BIND, a key component of many organizations' DNS infrastructure. This update fixes a critical issue where a maliciously crafted DNS message could cause the DNS server to crash, potentially disrupting access to websites and online services. Apply the update as soon as possible to protect against this type of attack.
What to do
- Update bind to version 2:9.18.33-10.el10_1.3.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Rocky Linux:10 | – | bind |
< 2:9.18.33-10.el10_1.3 Fix: upgrade to 2:9.18.33-10.el10_1.3
|
Original title
Important: bind security update
Original description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
* bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone (CVE-2026-1519)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Security Fix(es):
* bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone (CVE-2026-1519)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
osv CVSS3.1
7.5
- https://errata.rockylinux.org/RLSA-2026:8312 Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2451305 Third Party Advisory
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026