
Windows DHCP Server EUVD-2026-35688 | CVE-2026-45634 MEDIUM

Out-of-bounds Read (CWE-125)
2026-06-09 secure@microsoft.com GHSA-rj9f-334f-9rm5
CVSS 3.1 (NVD): 5.5
Temporal: 4.8

Severity by source

NVD (primary): 5.5 MEDIUM, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CIRCL (temporal): 4.8 MEDIUM

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Generated: Jun 09, 2026 - 19:38 (vuln.today)
Patch available: Jun 09, 2026 - 19:03 (EUVD)
CVE Published: Jun 09, 2026 - 17:17 (nvd), MEDIUM 5.5

Description (NVD)

Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

Analysis (AI)

Out-of-bounds read in the Windows DHCP Server service enables a locally authenticated, low-privileged attacker to disclose contents of process memory on affected systems. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms this is a local, low-complexity attack requiring only standard user privileges - no elevated rights or user interaction needed. …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain low-privilege local account
Delivery: Authenticate to DHCP Server host
Exploit: Trigger OOB read in DHCP service
Execution: Read leaked process memory
Impact: Extract sensitive data from memory disclosure

Vulnerability Assessment (AI)

Exploitation
Exploitation requires: (1) the Windows DHCP Server role must be installed and running on the target system - this is a non-default role not present on standard workstations or servers unless explicitly configured; (2) the attacker must have a valid low-privileged local or domain account with the ability to interact locally with the target host (AV:L/PR:L per CVSS vector). …

Risk Assessment
The CVSS base score of 5.5 (Medium) accurately reflects constrained real-world impact. …

Exploit Scenario
A low-privileged domain or local account holder with interactive or remote desktop access to a Windows Server running the DHCP Server role crafts a malformed request or invokes a vulnerable code path in the DHCP service, triggering the out-of-bounds read. The leaked memory contents are returned to the attacker and could expose sensitive data such as session credentials, cryptographic material, or configuration secrets resident in the DHCP service process memory. …

Remediation
Vendor-released patches are confirmed available via Microsoft Security Response Center. …
