A flaw was found in BIND 9. A remote, unauthenticated attacker can exploit an unbounded resend loop vulnerability in the resolver state machine during bad-server handling. By sending specially crafted queries that trigger specific retry conditions, the attacker can cause severe resource exhaustion, leading to a Denial of Service (DoS).

Moderate: This flaw in the BIND 9 resolver's state machine can lead to severe resource exhaustion. A remote, unauthenticated attacker could exploit this by sending specially crafted queries that trigger an unbounded resend loop during bad-server handling, potentially causing a denial of service in affected Red Hat products utilizing BIND as a resolver. Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Red Hat Hardened Images 2026-05-21T00:00:00Z RHSA-2026:20334 bind-main-9.18.49-1.hum1 Red Hat Enterprise Linux 10 Fix deferred bind Red Hat Enterprise Linux 6 Fix deferred bind Red Hat Enterprise Linux 7 Fix deferred bind Red Hat Enterprise Linux 8 Fix deferred bind Red Hat Enterprise Linux 8 Fix deferred bind9.16 Red Hat Enterprise Linux 9 Fix deferred bind Red Hat Enterprise Linux 9 Fix deferred bind9.18 Red Hat Enterprise Linux 9 Fix deferred dhcp Red Hat OpenShift Container Platform 4 Fix deferred rhcos https://www.cve.org/CVERecord?id=CVE-2026-5950 https://nvd.nist.gov/vuln/detail/CVE-2026-5950