PatchSiren cyber security CVE debrief
CVE-2026-3104 ISC CVE debrief
CVE-2026-3104 is a network-reachable denial-of-service issue in ISC BIND 9 where querying a specially crafted domain can cause a memory leak in the resolver. ISC and NVD identify affected branches as 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. ISC’s referenced fixes are 9.20.21 and 9.21.20, and the vendor also states that 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are not affected.
- Vendor: ISC
- Product: BIND 9
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-25
- Original CVE updated: 2026-05-21
- Advisory published: 2026-03-25
- Advisory updated: 2026-05-21
Who should care
DNS and infrastructure teams running ISC BIND 9 resolver instances, especially administrators responsible for internet-facing or high-volume recursive DNS services on the affected 9.20.x or 9.21.x branches.
Technical summary
The vulnerability is caused by a memory management issue in the BIND resolver path. According to the CVE description, a specially crafted domain name can trigger a leak simply by being queried. NVD classifies the issue as CVSS 3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and maps it to CWE-401 (memory leak); ISC also references CWE-772. The practical impact is loss of availability as leaked memory accumulates in an affected resolver process.
Defensive priority
High. This is a remotely triggerable availability issue with no privileges or user interaction required, and ISC has published fixed releases for the affected branches.
Recommended defensive actions
- Upgrade ISC BIND 9 to a fixed release: 9.20.21 for the 9.20.x branch or 9.21.20 for the 9.21.x branch.
- If you are on BIND 9.18.x, verify the exact build against the vendor note; ISC states the 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 ranges are not affected.
- Inventory all resolver instances and confirm whether any systems are on affected 9.20.x, 9.21.x, or -S1 builds.
- Prioritize patching systems that handle untrusted DNS traffic or provide critical recursive resolution services.
- Monitor resolver memory usage and service stability until upgrades are completed, and plan maintenance windows if the resolver is sensitive to restart or reload operations.
- Review the ISC vendor advisory for any additional deployment guidance before and after applying the update.
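For the inventory step above, a version string from each resolver can be checked against the ranges listed in this debrief. The following is an added example, not code from ISC or from this page's sources; it assumes versions are collected as text (for instance the output of `named -v`), and the function names and sample lines are constructed for illustration.

```python
import re

# Version data copied from this page (NVD CPE criteria and ISC references).
# Ranges are inclusive; "-S1" builds are tracked separately from open-source ones.
AFFECTED = {
    "": [((9, 20, 0), (9, 20, 20)), ((9, 21, 0), (9, 21, 19))],
    "S1": [((9, 20, 9), (9, 20, 20))],
}
NOT_AFFECTED = {
    "": [((9, 18, 0), (9, 18, 46))],
    "S1": [((9, 18, 11), (9, 18, 46))],
}
FIXED = {(9, 20): (9, 20, 21), (9, 21): (9, 21, 20)}  # open-source fixes named here

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:-(S\d+))?")


def parse_version(text):
    """Extract ((major, minor, patch), edition) from a version string."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no BIND version in {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4) or ""


def in_ranges(ver, ranges):
    return any(lo <= ver <= hi for lo, hi in ranges)


def classify(text):
    """Return (status, fixed_release_or_None) for one reported version."""
    ver, edition = parse_version(text)
    fix = FIXED.get(ver[:2]) if edition == "" else None
    fix_str = ".".join(map(str, fix)) if fix else None
    if in_ranges(ver, AFFECTED.get(edition, [])):
        return "affected", fix_str
    if in_ranges(ver, NOT_AFFECTED.get(edition, [])):
        return "not_affected", None
    # Assumption: later releases on a fixed branch keep the fix.
    if fix and ver >= fix:
        return "fixed", fix_str
    return "unknown", None  # not covered by this page: check the ISC advisory


if __name__ == "__main__":
    # Constructed inventory lines, e.g. collected from `named -v` on each host.
    for line in ["BIND 9.20.18 (Stable Release) <id:constructed>",
                 "9.21.20", "9.18.46-S1", "9.20.20-S1", "9.16.50"]:
        print(f"{line!r}: {classify(line)}")
```

Distribution packages can backport fixes without changing the upstream version number, so treat an "affected" result on a vendor-packaged build as a prompt to check the distributor's own advisory.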
Evidence notes
This debrief is based only on the supplied NVD record and ISC references. The core impact statement comes from the CVE description and the vendor advisory link. Version ranges and fixed releases are taken from the NVD CPE criteria and ISC patch references. No exploit steps or unsupported impact claims are included.
Official resources
- CVE-2026-3104 CVE record (CVE.org)
- CVE-2026-3104 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch
- Mitigation or vendor reference: [email protected] - Patch
- Mitigation or vendor reference: [email protected] - Vendor Advisory
Publicly disclosed on 2026-03-25. The supplied NVD record was last modified on 2026-05-21, reflecting the addition of vendor patch and advisory references.