| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.2 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in ISC BIND up to 9.18.48/9.18.49-S0/9.20.22/9.20.22-S1/9.21.21. The affected element is an unknown function of the component DNS Message Handler. Executing a manipulation can lead to race condition. This vulnerability is handled as CVE-2026-5947. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.
Details
A vulnerability was found in ISC BIND up to 9.18.48/9.18.49-S0/9.20.22/9.20.22-S1/9.21.21. It has been declared as problematic. This vulnerability affects an unknown functionality of the component DNS Message Handler. The manipulation with an unknown input leads to a race condition vulnerability. The CWE definition for the vulnerability is CWE-362. The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. As an impact it is known to affect availability. CVE summarizes:
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.
The advisory is shared for download at kb.isc.org. This vulnerability was named CVE-2026-5947 since 04/09/2026. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 06/05/2026).
The vulnerability scanner Nessus provides a plugin with the ID 315662 (ISC BIND 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Vulnerability (cve-2026-5947)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 9.18.49 or 9.18.49-S1 eliminates this vulnerability.
The vulnerability is also documented in the databases at Tenable (315662) and CERT Bund (WID-SEC-2026-1626). Once again VulDB remains the best source for vulnerability data.
Affected
- Debian Linux
- Red Hat Enterprise Linux
- Fedora Linux
- Ubuntu Linux
- Oracle Linux
- Infoblox NIOS
- SUSE openSUSE
- Internet Systems Consortium BIND
Product
Type
Vendor
Name
Version
- 9.18.0
- 9.18.1
- 9.18.2
- 9.18.3
- 9.18.4
- 9.18.5
- 9.18.6
- 9.18.7
- 9.18.8
- 9.18.9
- 9.18.10
- 9.18.11
- 9.18.12
- 9.18.13
- 9.18.14
- 9.18.15
- 9.18.16
- 9.18.17
- 9.18.18
- 9.18.19
- 9.18.20
- 9.18.21
- 9.18.22
- 9.18.23
- 9.18.24
- 9.18.25
- 9.18.26
- 9.18.27
- 9.18.28
- 9.18.29
- 9.18.30
- 9.18.31
- 9.18.32
- 9.18.33
- 9.18.34
- 9.18.35
- 9.18.36
- 9.18.37
- 9.18.38
- 9.18.39
- 9.18.40
- 9.18.41
- 9.18.42
- 9.18.43
- 9.18.44
- 9.18.45
- 9.18.46
- 9.18.47
- 9.18.48
- 9.18.49-S0
- 9.20.0
- 9.20.1
- 9.20.2
- 9.20.3
- 9.20.4
- 9.20.5
- 9.20.6
- 9.20.7
- 9.20.8
- 9.20.9
- 9.20.10
- 9.20.11
- 9.20.12
- 9.20.13
- 9.20.14
- 9.20.15
- 9.20.16
- 9.20.17
- 9.20.18
- 9.20.19
- 9.20.20
- 9.20.21
- 9.20.22
- 9.20.22-S1
- 9.21.0
- 9.21.1
- 9.21.2
- 9.21.3
- 9.21.4
- 9.21.5
- 9.21.6
- 9.21.7
- 9.21.8
- 9.21.9
- 9.21.10
- 9.21.11
- 9.21.12
- 9.21.13
- 9.21.14
- 9.21.15
- 9.21.16
- 9.21.17
- 9.21.18
- 9.21.19
- 9.21.20
- 9.21.21
License
Website
- Vendor: https://www.isc.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.2VulDB Meta Temp Score: 6.2
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔒
VulDB Reliability: 🔍
NVD Base Score: 5.9
NVD Vector: 🔒
CNA Base Score: 7.5
CNA Vector (isc): 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Race conditionCWE: CWE-362
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 315662
Nessus Name: ISC BIND 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Vulnerability (cve-2026-5947)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: BIND 9.18.49/9.18.49-S1
Timeline
04/09/2026 CVE reserved05/20/2026 Advisory disclosed
05/20/2026 VulDB entry created
06/05/2026 VulDB entry last update
Sources
Vendor: isc.orgAdvisory: kb.isc.org
Status: Confirmed
CVE: CVE-2026-5947 (🔒)
GCVE (CVE): GCVE-0-2026-5947
GCVE (VulDB): GCVE-100-364876
CERT Bund: WID-SEC-2026-1626 - Internet Systems Consortium BIND: Mehrere Schwachstellen
Entry
Created: 05/20/2026 15:40Updated: 06/05/2026 14:31
Changes: 05/20/2026 15:40 (64), 05/20/2026 23:54 (2), 05/21/2026 18:37 (7), 05/23/2026 22:24 (11), 05/26/2026 15:40 (1), 06/05/2026 14:31 (1)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.