CVE-2026-1519

Overview

ISC
BIND 9

25 Mar 2026

Published

25 Mar 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

Pending

MITRE

KEV

Description

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.

Statistics

3 Posts
3 Interactions

Last activity: 1 hour ago

Fediverse

ISC.org @iscdotorg

ISC's March 2026 maintenance releases of BIND 9 are available at https://isc.org/download : stable branches 9.18.47 and 9.20.21, and development branch 9.21.20.

Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

https://kb.isc.org/docs/cve-2026-1519
https://kb.isc.org/docs/cve-2026-3104
https://kb.isc.org/docs/cve-2026-3119
https://kb.isc.org/docs/cve-2026-3591

Thanks for using ISC's software!

2
1
0
10h ago

Bluesky

piggo @pigondrugs.bsky.social

~Cybergcca~ Six security advisories issued for GitLab, Node.js, n8n, Hitachi, ISC BIND, and Cisco. - IOCs: CVE-2026-1166, CVE-2026-1519, CVE-2026-3591 - #Patching #ThreatIntel #Vulnerability

0
0
0
3h ago

OMO @omo.bsky.social

SIOSセキュリティブログを更新しました。 BIND 9の脆弱性(High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591)と9.18.47, 9.20.21, 9.21.20のリリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...

0
0
0
1h ago

CVE-2026-3591

Overview

ISC
BIND 9

25 Mar 2026

Published

25 Mar 2026

Updated

CVSS v3.1

MEDIUM (5.4)

EPSS

Pending

MITRE

KEV

Description

A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Statistics

3 Posts
3 Interactions

Last activity: 1 hour ago

Fediverse

ISC.org @iscdotorg

ISC's March 2026 maintenance releases of BIND 9 are available at https://isc.org/download : stable branches 9.18.47 and 9.20.21, and development branch 9.21.20.

Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

https://kb.isc.org/docs/cve-2026-1519
https://kb.isc.org/docs/cve-2026-3104
https://kb.isc.org/docs/cve-2026-3119
https://kb.isc.org/docs/cve-2026-3591

Thanks for using ISC's software!

2
1
0
10h ago

Bluesky

piggo @pigondrugs.bsky.social

~Cybergcca~ Six security advisories issued for GitLab, Node.js, n8n, Hitachi, ISC BIND, and Cisco. - IOCs: CVE-2026-1166, CVE-2026-1519, CVE-2026-3591 - #Patching #ThreatIntel #Vulnerability

0
0
0
3h ago

OMO @omo.bsky.social

SIOSセキュリティブログを更新しました。 BIND 9の脆弱性(High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591)と9.18.47, 9.20.21, 9.21.20のリリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...

0
0
0
1h ago

CVE-2026-3104

Overview

ISC
BIND 9

25 Mar 2026

Published

25 Mar 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

Pending

MITRE

KEV

Description

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Statistics

2 Posts
3 Interactions

Last activity: 1 hour ago

Fediverse

ISC.org @iscdotorg

ISC's March 2026 maintenance releases of BIND 9 are available at https://isc.org/download : stable branches 9.18.47 and 9.20.21, and development branch 9.21.20.

Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

https://kb.isc.org/docs/cve-2026-1519
https://kb.isc.org/docs/cve-2026-3104
https://kb.isc.org/docs/cve-2026-3119
https://kb.isc.org/docs/cve-2026-3591

Thanks for using ISC's software!

2
1
0
10h ago

Bluesky

OMO @omo.bsky.social

SIOSセキュリティブログを更新しました。 BIND 9の脆弱性(High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591)と9.18.47, 9.20.21, 9.21.20のリリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...

0
0
0
1h ago

CVE-2026-3119

Overview

ISC
BIND 9

25 Mar 2026

Published

25 Mar 2026

Updated

CVSS v3.1

MEDIUM (6.5)

EPSS

Pending

MITRE

KEV

Description

Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Statistics

2 Posts
3 Interactions

Last activity: 1 hour ago

Fediverse

ISC.org @iscdotorg

ISC's March 2026 maintenance releases of BIND 9 are available at https://isc.org/download : stable branches 9.18.47 and 9.20.21, and development branch 9.21.20.

Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

https://kb.isc.org/docs/cve-2026-1519
https://kb.isc.org/docs/cve-2026-3104
https://kb.isc.org/docs/cve-2026-3119
https://kb.isc.org/docs/cve-2026-3591

Thanks for using ISC's software!

2
1
0
10h ago

Bluesky

OMO @omo.bsky.social

SIOSセキュリティブログを更新しました。 BIND 9の脆弱性(High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591)と9.18.47, 9.20.21, 9.21.20のリリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...

0
0
0
1h ago

CVE-2026-33870

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

1 Post
1 Interaction

Last activity: 23 hours ago

Fediverse

Chris @chrisvest

We're released Netty 4.2.11 and 4.1.132. These contain many bug fixes, and fixes for two CVEs both rated *high*:

- CVE-2026-33871: HTTP/2 CONTINUATION frame flood Denial of Service.
- CVE-2026-33870: HTTP/1.1 Request Smuggling vulnerability in chunked encoding parsing.

Release notes for 4.2.11: https://netty.io/news/2026/03/24/4-2-11-Final.html
Release notes for 4.1.132: https://netty.io/news/2026/03/24/4-1-132-Final.html

Also of note: We had 17 people contribute to Netty 4.2.11, of which 5 are new first time contributors 😲

#netty #java

0
1
0
23h ago

CVE-2026-33871

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

1 Post
1 Interaction

Last activity: 23 hours ago

Fediverse

Chris @chrisvest

We're released Netty 4.2.11 and 4.1.132. These contain many bug fixes, and fixes for two CVEs both rated *high*:

- CVE-2026-33871: HTTP/2 CONTINUATION frame flood Denial of Service.
- CVE-2026-33870: HTTP/1.1 Request Smuggling vulnerability in chunked encoding parsing.

Release notes for 4.2.11: https://netty.io/news/2026/03/24/4-2-11-Final.html
Release notes for 4.1.132: https://netty.io/news/2026/03/24/4-1-132-Final.html

Also of note: We had 17 people contribute to Netty 4.2.11, of which 5 are new first time contributors 😲

#netty #java

0
1
0
23h ago

CVE-2026-27739

Overview

angular
angular-cli

25 Feb 2026

Published

27 Feb 2026

Updated

CVSS v4.0

CRITICAL (9.2)

EPSS

0.05%

MITRE

KEV

Description

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL reconstruction logic directly trusts and consumes user-controlled HTTP headers specifically the Host and `X-Forwarded-*` family to determine the application's base origin without any validation of the destination domain. Specifically, the framework didn't have checks for the host domain, path and character sanitization, and port validation. This vulnerability manifests in two primary ways: implicit relative URL resolution and explicit manual construction. When successfully exploited, this vulnerability allows for arbitrary internal request steering. This can lead to credential exfiltration, internal network probing, and a confidentiality breach. In order to be vulnerable, the victim application must use Angular SSR (Server-Side Rendering), the application must perform `HttpClient` requests using relative URLs OR manually construct URLs using the unvalidated `Host` / `X-Forwarded-*` headers using the `REQUEST` object, the application server must be reachable by an attacker who can influence these headers without strict validation from a front-facing proxy, and the infrastructure (Cloud, CDN, or Load Balancer) must not sanitize or validate incoming headers. Versions 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 contain a patch. Some workarounds are available. Avoid using `req.headers` for URL construction. Instead, use trusted variables for base API paths. Those who cannot upgrade immediately should implement a middleware in their `server.ts` to enforce numeric ports and validated hostnames.

Statistics

1 Post

Last activity: 19 hours ago

Bluesky

OpsMatters @opsmatters.com

The latest update for #Indusface includes "CVE-2026-20963: SharePoint Deserialization Remote Code Execution Vulnerability" and "CVE-2026-27739: Angular SSR Request Vulnerability Enabling Server-Side Request Forgery". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF

0
0
0
19h ago

CVE-2026-1166

Overview

Hitachi
Hitachi Ops Center Administrator

25 Mar 2026

Published

25 Mar 2026

Updated

CVSS v3.1

MEDIUM (4.3)

EPSS

0.03%

MITRE

KEV

Description

Open Redirect vulnerability in Hitachi Ops Center Administrator.This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8.

Statistics

1 Post

Last activity: 3 hours ago

Bluesky

piggo @pigondrugs.bsky.social

~Cybergcca~ Six security advisories issued for GitLab, Node.js, n8n, Hitachi, ISC BIND, and Cisco. - IOCs: CVE-2026-1166, CVE-2026-1519, CVE-2026-3591 - #Patching #ThreatIntel #Vulnerability

0
0
0
3h ago