PatchSiren cyber security CVE debrief

CVE-2026-5946 ISC CVE debrief

CVE-2026-5946 is a high-severity availability issue in BIND 9's named process. According to the NVD record and ISC references, specially crafted DNS traffic using non-IN classes (for example, CHAOS, HESIOD, ANY, or NONE) can reach code paths such as recursion, dynamic updates, NOTIFY handling, or IN-specific record processing in non-IN data and trigger assertion failures.

Vendor: ISC
Product: BIND 9
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-20
Original CVE updated: 2026-05-21
Advisory published: 2026-05-20
Advisory updated: 2026-05-21

Who should care

DNS teams running ISC BIND 9, especially authoritative or recursive deployments that accept dynamic updates, NOTIFYs, or unusual-class DNS traffic. Treat this as a priority for internet-facing name servers and any environment with automation that submits DNS messages.

Technical summary

The issue is described as multiple flaws in named’s handling of DNS messages whose CLASS is not Internet (IN), including meta-classes in the question section. When crafted traffic reaches affected processing paths—recursion, UPDATE, NOTIFY, or IN-specific record handling in non-IN data—the daemon can assert and fail, producing a network-reachable denial of service. The CVSS vector supplied by NVD is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
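For visibility into how much non-IN traffic a server actually receives, the following added example (not code from ISC or the advisory) reads the opcode and the class of the first question or zone entry from a raw DNS message. The class and opcode numbers come from the DNS RFCs; the sample messages are constructed, and the `review` flag is a hypothetical triage field, not an indicator that a message is malicious.

```python
import struct

# Numbers from the DNS RFCs (1035, 1996, 2136); names match the classes listed above.
CLASSES = {1: "IN", 3: "CHAOS", 4: "HESIOD", 254: "NONE", 255: "ANY"}
OPCODES = {0: "QUERY", 4: "NOTIFY", 5: "UPDATE"}

def classify(msg: bytes) -> dict:
    """Report opcode and the class of the first question/zone entry of one DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    opcode = (flags >> 11) & 0xF
    out = {"opcode": OPCODES.get(opcode, f"OPCODE{opcode}"), "qclass": None, "review": False}
    if qdcount == 0:
        return out
    pos = 12
    while True:  # walk the uncompressed labels of the name
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("unexpected pointer or reserved label type")
        pos += 1 + length
        if length == 0:
            break
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    _qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    out["qclass"] = CLASSES.get(qclass, f"CLASS{qclass}")
    out["review"] = qclass != 1  # hypothetical triage flag: class is not IN
    return out

# Constructed sample messages (not captured traffic): an IN query,
# a CHAOS TXT query for version.bind, and an UPDATE for an IN zone.
SAMPLES = [
    b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x04test\x00\x00\x01\x00\x01",
    b"\x12\x35\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07version\x04bind\x00\x00\x10\x00\x03",
    b"\x12\x36\x28\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x04test\x00\x00\x06\x00\x01",
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(classify(m))
```

Counting the results per source address shows which clients send non-IN, UPDATE, or NOTIFY messages, which helps decide where to restrict access while an upgrade is pending.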

Defensive priority

High. The impact is availability-only but network reachable and requires no privileges or user interaction, so exposed DNS services should be updated quickly.

Recommended defensive actions

  • Inventory named instances and confirm whether they fall within the affected BIND 9 ranges listed in the advisory.
  • Upgrade to the ISC-referenced fixed releases: 9.18.49, 9.20.23, or 9.21.22, or the corresponding supported maintenance release for your branch.
  • Prioritize internet-facing recursive resolvers, authoritative servers accepting dynamic updates, and any deployment that processes NOTIFY.
  • Review logging and monitoring for named assertion failures or repeated restarts, and confirm service recovery procedures.
  • If immediate upgrade is delayed, reduce exposure of unnecessary DNS features and limit who can send UPDATE or NOTIFY traffic to the server.

Evidence notes

The CVE record was published and modified on 2026-05-20, and the NVD item is marked 'Undergoing Analysis.' The source corpus ties the issue to ISC BIND named and includes ISC references for version-specific downloads (9.18.49, 9.20.23, 9.21.22) plus an ISC KB entry. The source vendor mapping in the provided item is low confidence/needs review, so this debrief relies on the CVE description and official ISC/NVD references rather than inferred enrichment.

Official resources

Publicly disclosed on 2026-05-20 via the NVD record, with ISC references included in the source item.