Critical Vulnerability in Kea DHCP Server Allows Remote Crash

Critical Vulnerability in Kea DHCP Server Allows Remote Crash

First seen 27 Mar 2026, 07:45 UTC GbhackersCybersecuritynews 93% similarity 72.0

Article Content

Browse articles
ThreatCluster

The Internet Systems Consortium (ISC) has issued a critical security advisory regarding a high-severity vulnerability in the Kea DHCP server, tracked as CVE-2026-3608. This vulnerability, published on 2026-03-25, permits unauthenticated remote attackers to exploit a stack overflow error, leading to the crashing of the receiving daemon. The flaw poses a significant risk to enterprise networks and internet service providers that utilize the Kea DHCP server for managing IP allocations. Network administrators are urged to take immediate action to mitigate potential disruptions. The scope of impact includes essential network services that rely on the Kea DHCP server, potentially affecting millions of users. As of the advisory date, there are no known exploits in the wild, but the severity of the vulnerability necessitates prompt attention.

Key Points: • CVE-2026-3608 allows unauthenticated remote attacks to crash the Kea DHCP server. • The vulnerability affects enterprise networks and ISPs using the Kea DHCP server. • Immediate action is recommended to prevent service disruptions.

ThreatCluster AI

Timeline

2026-03-25
CVE-2026-3608 published
2026-03-27
ISC issues critical advisory on Kea DHCP vulnerability

Community

Browse all →