
11935 matches found

OSV
added 2026/05/20 12:0 a.m. | 7 views

UBUNTU-CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

CVSS 7.5 | AI score 5.7 | EPSS 0.00069
Exploits: 0 | References: 4

OSV
added 2026/05/19 6:20 p.m. | 5 views

CLSA-2026-1779214855 bind: Fix of CVE-2026-1519

CVE-2026-1519: fix unbounded NSEC3 iterations when validating referrals to unsigned delegations...

CVSS 7.5 | AI score 6 | EPSS 0.00061
Exploits: 0 | References: 1

NVD
added 2026/05/19 6:16 p.m. | 10 views

CVE-2026-47107

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

CVSS 8.6 | EPSS 0.00018
Exploits: 0 | References: 4

Mageia
added 2026/05/19 5:1 p.m. | 8 views

Updated bind packages fix security vulnerabilities

It was discovered that bind contained a vulnerability where a malformed BRID/HHIT record can cause named to terminate unexpectedly (CVE-2025-13878). If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-on...

CVSS 7.5 | AI score 7.5 | EPSS 0.00061
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/19 4:42 p.m. | 9 views

CVE-2026-47107 Windmill < 1.703.2 Incorrect Default Permissions in nsjail Configuration

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

CVSS 8.6 | AI score 6 | EPSS 0.00018
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/19 4:42 p.m. | 5 views

CVE-2026-47107

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

CVSS 9.6 | AI score 6 | EPSS 0.00018
Exploits: 0 | References: 5

RedHat Linux
added 2026/05/19 1:52 p.m. | 16 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 | AI score 6.6 | EPSS 0.00071
Exploits: 0 | References: 4

Tenable Nessus
added 2026/05/19 12:0 a.m. | 7 views

RHEL 9 : bind (RHSA-2026:18786)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18786 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named)...

CVSS 7.5 | AI score 6.7 | EPSS 0.00071
Exploits: 0 | References: 6

Positive Technologies
added 2026/05/19 12:0 a.m. | 6 views

PT-2026-41986

Name of the Vulnerable Software and Affected Versions: Windmill versions prior to 1.703.2. Description: Incorrect default permissions in nsjail sandbox configuration files allow the /etc directory to be bind-mounted without read-write restrictions. This enables authenticated users to write arbitrary...

CVSS 9.6 | AI score 5.9 | EPSS 0.00018
Exploits: 0 | References: 9

OSV
added 2026/05/18 5:56 p.m. | 2 views

GHSA-PGVV-Q3WF-MM9M OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads

Summary: The Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond the end of the captured buffer and panic. Details: The vulnerable logic is in pkg/ebpf/common/sqldetectpostgres.go. In th...

CVSS 7.5 | AI score 6 | EPSS 0.00128
Exploits: 1 | References: 4

Github Security Blog
added 2026/05/18 5:56 p.m. | 16 views

OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads

Summary: The Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond the end of the captured buffer and panic. Details: The vulnerable logic is in pkg/ebpf/common/sqldetectpostgres.go. In th...

CVSS 7.5 | AI score 6 | EPSS 0.00128
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/05/18 5:53 p.m. | 5 views

GHSA-RG2X-37C3-W2RH Docker: Race condition in docker cp allows bind mount redirection to host path

Summary: A race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. Details: When copying files into a container, the daemon sets up a temporary filesystem vie...

CVSS 7.2 | AI score 6 | EPSS 0.00012
Exploits: 0 | References: 3

Github Security Blog
added 2026/05/18 5:53 p.m. | 15 views

Docker: Race condition in docker cp allows bind mount redirection to host path

Summary: A race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. Details: When copying files into a container, the daemon sets up a temporary filesystem vie...

CVSS 7.2 | AI score 6 | EPSS 0.00012
Exploits: 0 | References: 3 | Affected Software: 3

Positive Technologies
added 2026/05/18 12:0 a.m. | 12 views

PT-2026-41767

Name of the Vulnerable Software and Affected Versions: Docker (affected versions not specified). Description: A race condition occurs during the mount setup of the docker cp command. When copying files into a container, the daemon creates a temporary filesystem view by bind-mounting volumes. A process...

CVSS 7.2 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 8

Tenable Nessus
added 2026/05/18 12:0 a.m. | 11 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: bind (UTSA-2026-021471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021471 advisory. If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are...

CVSS 7.5 | AI score 7.5 | EPSS 0.00061
Exploits: 0 | References: 4

Tenable Nessus
added 2026/05/18 12:0 a.m. | 8 views

Oracle Linux 7 : bind (ELSA-2026-11371)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11371 advisory.
- Resolve CVE-2026-1519 (Orabug: 39275755)
- Resolve CVE-2025-40778 (Orabug: 38699863)
Tenable has extracted the preceding description block directly from the Orac...

CVSS 8.6 | AI score 5.8 | EPSS 0.00061
Exploits: 1 | References: 2

Positive Technologies
added 2026/05/18 12:0 a.m. | 7 views

PT-2026-41783

Name of the Vulnerable Software and Affected Versions: OpenTelemetry eBPF Instrumentation versions prior to 0.9.0. Description: The Postgres protocol parser incorrectly assumes that BIND message payloads contain a valid NUL-terminated portal name. When processing a crafted empty or unterminated...

CVSS 7.5 | AI score 6 | EPSS 0.00128
Exploits: 1 | References: 5

Positive Technologies
added 2026/05/17 12:0 a.m. | 7 views

PT-2026-42163

Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.11.0 through 9.16.50; BIND 9 versions 9.18.0 through 9.18.48; BIND 9 versions 9.20.0 through 9.20.22; BIND 9 versions 9.21.0 through 9.21.21; BIND 9 versions 9.11.3-S1 through 9.16.50-S1; BIND 9 versions 9.18.11-S1 through...

CVSS 7.5 | AI score 5.9 | EPSS 0.0005
Exploits: 0 | References: 41

Positive Technologies
added 2026/05/17 12:0 a.m. | 10 views

PT-2026-42154

Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.0.0 through 9.16.50; BIND 9 versions 9.18.0 through 9.18.48; BIND 9 versions 9.20.0 through 9.20.22; BIND 9 versions 9.21.0 through 9.21.21; BIND 9 versions 9.9.3-S1 through 9.16.50-S1; BIND 9 versions 9.18.11-S1 through 9.18.48-S...

CVSS 7.5 | AI score 5.8 | EPSS 0.00069
Exploits: 0 | References: 41

Positive Technologies
added 2026/05/17 12:0 a.m. | 5 views

PT-2026-42156

Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.20.0 through 9.20.22; BIND 9 versions 9.21.0 through 9.21.21; BIND 9 versions 9.20.9-S1 through 9.20.22-S1. Description: A heap use-after-free issue exists within the DNS-over-HTTPS implementation. Use-after-free occurs when an...

CVSS 9.8 | AI score 6 | EPSS 0.00028
Exploits: 0 | References: 28