EUVD-2026-15196
GHSA-8xcr-6f99-hm7w
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4Description
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.
Analysis
Denial of service in Kea DHCP daemons (versions 2.6.0-2.6.4 and 3.0.0-3.0.2) allows unauthenticated remote attackers to crash affected services by sending maliciously crafted messages to API sockets or HA listeners, triggering a stack overflow. Vulnerable Kea installations across Ubuntu, Red Hat, SUSE, and Debian are susceptible to service interruption attacks with no authentication required. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running vulnerable Kea DHCP versions and isolate them from untrusted network segments if possible; verify patch availability for your environment. Within 7 days: Test and deploy the vendor patch in a staging environment to validate compatibility with existing configurations. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| questing | needs-triage | - |
| upstream | released | 3.0.3,2.6.5 |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bookworm | vulnerable | 2.2.0-6 | - |
| trixie | vulnerable | 2.6.3-1 | - |
| forky | vulnerable | 3.0.2-3 | - |
| sid | fixed | 3.0.3-1 | - |
| (unstable) | fixed | 3.0.3-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today