BIND DNS Server Allows Malicious Data to Be Injected into Cache

OESA-2026-1602
Summary

A security update is available for certain versions of the BIND DNS server. This update addresses a vulnerability that could allow an attacker to inject fake data into the server's cache, potentially causing network disruptions or data corruption. Business owners and IT managers should update their BIND servers to the latest version to ensure their network remains secure.

What to do
  • Update dhcp to version 4.4.3-13.oe2403.
Affected software
Vendor | Product | Affected versions | Fix available
– | dhcp | <= 4.4.3-13.oe2403 | 4.4.3-13.oe2403
Original title
dhcp security update
Original description
The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks.

Security Fix(es):

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. (CVE-2025-40778)
Published: 15 Mar 2026 · Updated: 15 Mar 2026 · First seen: 15 Mar 2026