BIND DNS Vulnerability CVE-2026-5947: Race Condition Leads to Use-After-Free

The National Vulnerability Database has detailed CVE-2026-5947, a critical vulnerability in BIND 9 affecting versions 9.20.0 through 9.20.22 and 9.21.0 through 9.21.21. This flaw stems from a race condition during the validation of DNS messages signed with SIG(0). If a query flood triggers the “recursive-clients” limit, the system may discard a message while its signature validation is still in progress, leading to a use-after-free error. This could allow an attacker to crash the BIND service, causing a denial-of-service.

This high-severity (CVSS 7.5) vulnerability, categorized under CWE-362 (Race Condition) and CWE-416 (Use-After-Free), presents a tangible risk to organizations relying on BIND for DNS resolution. The attacker’s calculus here is straightforward: flood BIND servers beyond their capacity to trigger the race condition and achieve a denial-of-service. The impact is direct: DNS resolution failure means service disruption and potential network outages. Defenders must prioritize patching affected BIND 9 versions immediately. Older, unaffected versions like 9.18.x should also be evaluated for an upgrade path.

What This Means For You

  • If your organization runs BIND 9 versions 9.20.x or 9.21.x, you are exposed. Check your BIND version immediately and apply the necessary patches or upgrade to a secure version to prevent potential denial-of-service attacks.
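
One way to triage a host inventory against the version ranges listed on this page, as an added example (not code from NVD, ISC or the original article). It assumes version banners in the style printed by `named -v`; the function names, status labels and sample hosts are hypothetical.

```python
import re

# Affected ranges as listed on this page (inclusive patch numbers), keyed by
# (minor branch, has "-S" edition suffix).
AFFECTED = {
    (20, False): (0, 22),  # 9.20.0 through 9.20.22
    (21, False): (0, 21),  # 9.21.0 through 9.21.21
    (20, True): (9, 22),   # 9.20.9-S1 through 9.20.22-S1
}

# Captures minor, patch, optional "-S<n>" suffix, optional packaging suffix.
VERSION_RE = re.compile(r"\b9\.(\d+)\.(\d+)(-S\d+)?(-[0-9A-Za-z.+~-]+)?")


def classify(banner):
    """Return 'affected', 'verify-backport', 'outside-range' or 'unparsed'."""
    m = VERSION_RE.search(banner)
    if not m:
        return "unparsed"
    minor, patch = int(m.group(1)), int(m.group(2))
    s_edition, packaged = m.group(3) is not None, m.group(4) is not None
    bounds = AFFECTED.get((minor, s_edition))
    if bounds is None or not bounds[0] <= patch <= bounds[1]:
        return "outside-range"
    # A distribution package can carry a backported fix without changing the
    # upstream version number, so a range match there needs a changelog check.
    return "verify-backport" if packaged else "affected"


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory: hostnames, banners and ids are made up.
SAMPLE = {
    "ns1": "BIND 9.20.15 (Stable Release) <id:0000000>",
    "ns2": "BIND 9.18.30 (Extended Support Version) <id:0000000>",
    "ns3": "BIND 9.20.9-S1 (Stable Release) <id:0000000>",
    "ns4": "BIND 9.20.4-1ubuntu1-Ubuntu (Stable Release) <id:0000000>",
    "ns5": "BIND 9.21.22 (Development Release) <id:0000000>",
    "ns6": "BIND 9.20.8-S1 (Stable Release) <id:0000000>",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

An "outside-range" result only means the version is not in the ranges listed on this page; it says nothing about other advisories.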

Indicators of Compromise

ID | Type | Indicator
CVE-2026-5947 | Use After Free | BIND 9 versions 9.20.0 through 9.20.22
CVE-2026-5947 | Use After Free | BIND 9 versions 9.21.0 through 9.21.21
CVE-2026-5947 | Use After Free | BIND 9 versions 9.20.9-S1 through 9.20.22-S1
CVE-2026-5947 | Race Condition | BIND 9 SIG(0) signature validation during query flood
Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 20, 2026 at 16:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
