THE Internet Systems Consortium (ISC) has released urgent updates for BIND 9 to address several critical vulnerabilities affecting the global DNS infrastructure. Key issues include severe memory exploits (CVE-2026-3039, CVE-2026-3593) that can lead to crashes from memory exhaustion and corruption. Additional threats involve assertion failures (CVE-2026-5946, CVE-2026-5947) and resource exhaustion loops (CVE-2026-5950). An amplification attack vector (CVE-2026-3592) also poses risks by consuming excessive bandwidth.
ISC advises administrators to promptly update software to versions 9.18.49, 9.20.23, or 9.21.22 to protect their networks.