What is the CVSS score of CVE-2026-45608?

CVE-2026-45608 has a CVSS 3.1 base score of 6.8 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-45608?

Yes, a patch is available for CVE-2026-45608. Update the affected software to the latest version immediately.

Windows DHCP Server CVE-2026-45608

EUVD-2026-35567 MEDIUM

Out-of-bounds Read (CWE-125)

2026-06-09 secure@microsoft.com

GHSA-6h8v-8rff-xfh7

Information Disclosure Microsoft Buffer Overflow Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 23h2 Windows 11 24h2 Windows 11 25h2 Windows 11 26h1 Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server 2025

6.8

CVSS 3.1 · NVD

Temporal: 5.9

Severity by source

NVD PRIMARY

6.8 MEDIUM

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CIRCL (temporal)

5.9 MEDIUM

cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 09, 2026 - 19:39 vuln.today

Patch available

Jun 09, 2026 - 19:03 EUVD

CVE Published

Jun 09, 2026 - 17:17 nvd

MEDIUM 6.8

DescriptionNVD

Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

AnalysisAI

Out-of-bounds read in Windows DHCP Server exposes adjacent memory contents and can crash the service, yielding both information disclosure and a high-severity denial-of-service condition on affected Windows systems. The flaw (CWE-125) is exploitable locally with low attack complexity and no user interaction, targeting systems where the DHCP Server role is installed across a broad range of Windows 10, 11, and Server editions from 2012 through 2025. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Gain local access to DHCP Server host

Delivery

Interact with Windows DHCP Server component

Exploit

Submit crafted malformed input to parsing routine

Execution

Trigger out-of-bounds read beyond allocated buffer

Impact

Read adjacent memory contents (info disclosure) or crash DHCP Server service (DoS)

Access

Gain local access to DHCP Server host

Delivery

Interact with Windows DHCP Server component

Exploit

Submit crafted malformed input to parsing routine

Execution

Trigger out-of-bounds read beyond allocated buffer

Impact

Read adjacent memory contents (info disclosure) or crash DHCP Server service (DoS)

Vulnerability AssessmentAI

Exploitation	The Windows DHCP Server role must be explicitly installed and running on the target system - this role is not present in any default Windows installation and must be deliberately configured, making realistic targets limited to Windows Server deployments acting as network DHCP infrastructure. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 6.8 Medium (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) presents a notable internal tension: the high availability impact (A:H) contradicts the description's characterization of this solely as an information disclosure issue - the out-of-bounds read can crash the DHCP Server service, causing a denial of service for all clients dependent on it. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A threat actor who has obtained local access to a Windows Server running the DHCP Server role - via compromised credentials, lateral movement, or an initial foothold - submits crafted input to the DHCP Server component, triggering an out-of-bounds memory read in the underlying parsing routine. The read may expose sensitive adjacent memory (credentials, configuration data) with low confidentiality impact, or cause the DHCP Server process to crash, halting address allocation for the entire network segment served by that host. …
Remediation	Apply vendor-released patches via Windows Update or the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45608. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-45608 vulnerability details – vuln.today

Back

Windows DHCP Server CVE-2026-45608

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Share

External POC / Exploit Code