diff --git a/0001-fix-CVE-2024-4076.patch b/0001-fix-CVE-2024-4076.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ec90443e5d3a2c7293f243f7e2c9e2f17a1c995f
--- /dev/null
+++ b/0001-fix-CVE-2024-4076.patch
@@ -0,0 +1,55 @@
+From 719070491c15fb9879b384d0a725fb0a76686894 Mon Sep 17 00:00:00 2001
+From: PeilinHe <he.peilin@zte.com.cn>
+Date: Wed, 4 Sep 2024 09:43:38 +0000
+Subject: [PATCH] fix CVE-2024-4076
+
+---
+ CHANGES                     | 3 +++
+ doc/notes/notes-9.18.27.rst | 6 ++++++
+ lib/ns/query.c              | 1 +
+ 3 files changed, 10 insertions(+)
+
+diff --git a/CHANGES b/CHANGES
+index 598feff..2149495 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -1,4 +1,7 @@
+ 	--- 9.18.27 released ---
++6375.	[security]	qctx-zversion was not being cleared when it should have
++			been leading to an assertion failure if it needed to be
++			reused. (CVE-2024-4076) [GL #4507]
+ 
+ 6374.	[bug]		Skip to next RRSIG if signature has expired or is in
+ 			the future rather than failing immediately. [GL #4586]
+diff --git a/doc/notes/notes-9.18.27.rst b/doc/notes/notes-9.18.27.rst
+index ff8c6cc..137c9b3 100644
+--- a/doc/notes/notes-9.18.27.rst
++++ b/doc/notes/notes-9.18.27.rst
+@@ -12,6 +12,12 @@
+ Notes for BIND 9.18.27
+ ----------------------
+ 
++Security Fixes
++~~~~~~~~~~~~~~
++- Due to a logic error, lookups that trigger serving stale data and require
++    lookups in local authoritative zone data may result in an assertion failure.
++      This has been fixed. :cve:`2024-4076` :gl:`#4507`
++
+ New Features
+ ~~~~~~~~~~~~
+ 
+diff --git a/lib/ns/query.c b/lib/ns/query.c
+index 537d332..be4cbb6 100644
+--- a/lib/ns/query.c
++++ b/lib/ns/query.c
+@@ -5325,6 +5325,7 @@ qctx_freedata(query_ctx_t *qctx) {
+ 		ns_client_releasename(qctx->client, &qctx->zfname);
+ 		dns_db_detachnode(qctx->zdb, &qctx->znode);
+ 		dns_db_detach(&qctx->zdb);
++		qctx->zversion = NULL;
+ 	}
+ 
+ 	if (qctx->event != NULL && !qctx->client->nodetach) {
+-- 
+2.25.1
+
diff --git a/bind.spec b/bind.spec
index 10a39d740fce7018e5021c9809a2544a160dc8e6..53813cf3c1d01e8cd7bd47d1f6f73722a1b3a57a 100644
--- a/bind.spec
+++ b/bind.spec
@@ -63,6 +63,7 @@ Source48: setup-named-softhsm.sh
 Source49: named-chroot.files
 
 # Common patches
+Patch0: 0001-fix-CVE-2024-4076.patch
 
 %{?systemd_ordering}
 Requires:       coreutils