Priority review Notice Amended Final

BIND Vulnerabilities Allow Remote Denial of Service Attacks

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 25th, 2026
Detected March 26th, 2026

Summary

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Internet Systems Consortium BIND software. These vulnerabilities, with a CVSS Base Score of 7.5, could allow remote attackers to perform denial-of-service attacks or bypass security measures. Affected versions include BIND <9.18.47, <9.20.21, and <9.21.20.

What changed

CERT-Bund has released security advisory WID-SEC-2026-0863 detailing multiple vulnerabilities in Internet Systems Consortium BIND, a widely used DNS server. According to the advisory, a remote attacker, whether authenticated or anonymous, can exploit these flaws to conduct denial-of-service (DoS) attacks or bypass security controls. The vulnerabilities have a CVSS Base Score of 7.5 (High) and a Temporal Score of 6.5 (Medium).

Organizations running affected versions of BIND, including specific versions on Fedora Linux and Ubuntu Linux, must take immediate action. The advisory indicates that mitigation is available, and users are strongly advised to update their BIND installations to patched versions (e.g., BIND >= 9.18.47, >= 9.20.21, >= 9.21.20). Failure to patch could lead to service disruptions and potential security breaches, impacting network availability and integrity.

What to do next

  1. Update Internet Systems Consortium BIND to the latest patched versions.
  2. Review system logs for any signs of exploitation related to these vulnerabilities.
  3. Implement network segmentation and access controls to limit potential attack vectors.
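
For step 1, the version reported by `named -v` can be compared with the fixed releases listed in the advisory. The shell function below is an added example, not part of the CERT-Bund advisory or of BIND; `bind_fix_status` is a hypothetical name, and it assumes each fixed release applies to its own 9.x branch.

```shell
#!/bin/sh
# Added example: classify a BIND version string against the fixed releases
# named in the advisory (9.18.47, 9.20.21, 9.21.20).
# Assumption: each fixed release applies only to its own 9.x branch.

# bind_fix_status VERSION_STRING
# Prints one of: patched | affected | unlisted-branch | unparsed
bind_fix_status() {
    # Extract the first x.y.z triple from strings such as
    # "BIND 9.18.28-0ubuntu0.22.04.1-Ubuntu (Extended Support Version)".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unparsed; return 0; }

    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    [ "$major" -eq 9 ] || { echo unlisted-branch; return 0; }

    # Fixed patch level per branch, taken from the advisory's product list.
    case "$minor" in
        18) fixed=47 ;;
        20) fixed=21 ;;
        21) fixed=20 ;;
        *)  echo unlisted-branch; return 0 ;;   # no fixed release listed
    esac

    if [ "$patch" -lt "$fixed" ]; then
        echo affected
    else
        echo patched
    fi
}

# Check the locally installed server, if one is on PATH.
if command -v named >/dev/null 2>&1; then
    printf 'local named: %s\n' "$(bind_fix_status "$(named -v)")"
fi
```

Distribution packages (the advisory lists Fedora Linux and Ubuntu Linux) can carry backported fixes under an older upstream version number, so confirm an `affected` result against the distribution's package changelog. An `unlisted-branch` result means the advisory names no fixed release for that branch and the installation needs manual review.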

Source document (simplified)

[WID-SEC-2026-0863] Internet Systems Consortium BIND: Multiple vulnerabilities

  • CVSS Base Score: 7.5 (high)
  • CVSS Temporal Score: 6.5 (medium)
  • Remote attack: yes
  • Date: 25.03.2026
  • Last updated: 26.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Other
  • UNIX
  • Windows

Product description

BIND (Berkeley Internet Name Domain) is an open-source software package that implements a Domain Name System server.

Products

25.03.2026

  • Fedora Linux
  • Ubuntu Linux
  • Internet Systems Consortium BIND <9.18.47
  • Internet Systems Consortium BIND <9.20.21
  • Internet Systems Consortium BIND <9.21.20

Attack

A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Internet Systems Consortium BIND to carry out a denial-of-service attack or bypass security measures.

Named provisions

Affected systems, Attack

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 25th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-0863

Who this affects

Applies to
Technology companies
Industry sector
5112 Software & Technology
Activity scope
DNS Services, Network Security
Geographic scope
Germany (DE)

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Network Security, Vulnerability Management
