vulnerability

Ubuntu: USN-8124-1 (CVE-2026-3591): Bind vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:S/C:P/I:P/A:N)	Mar 25, 2026	Mar 27, 2026	Mar 27, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:N)

Published

Mar 25, 2026

Added

Mar 27, 2026

Modified

Mar 27, 2026

Description

A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Solution

ubuntu-upgrade-bind9

References

CVE-2026-3591
https://attackerkb.com/topics/CVE-2026-3591
CWE-305
CWE-562
EUVD-EUVD-2026-15413
UBUNTU-USN-8124-1
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-15413

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today