Skip to main content

wicked EUVDEUVD-2026-37127

| CVE-2026-44932 HIGH
OS Command Injection (CWE-78)
2026-06-16 suse GHSA-hc32-vf4h-9cg4
8.8
CVSS 3.1 · Vendor: suse
Share

Severity by source

Vendor (suse) PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Adjacent-network rogue DHCP server (AV:A, AC:L) needs no authentication or user interaction and injects shell commands executed by netconfig at high privilege, yielding full C/I/A impact.

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
HIGH
qualitative
Red Hat
8.8 HIGH
qualitative

Primary rating from Vendor (suse).

CVSS VectorVendor: suse

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 16, 2026 - 18:01 EUVD
Source Code Evidence Fetched
Jun 16, 2026 - 17:17 vuln.today
Analysis Generated
Jun 16, 2026 - 17:17 vuln.today

DescriptionCVE.org

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.

AnalysisAI

Command injection in openSUSE/SUSE wicked DHCP client before 0.6.79 allows attackers operating a rogue DHCP server on the victim's local network segment to execute arbitrary commands by embedding single-quoted shell metacharacters in DHCP option strings, which are written unsanitized to /run/wicked/leaseinfo.* files and later consumed by netconfig. The CVSS 8.8 (AV:A) rating reflects adjacent-network exposure without authentication. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Attach to victim's L2 segment
Delivery
Stand up rogue DHCPv4/DHCPv6 server
Exploit
Send reply with single-quoted shell payload in option string
Install
wicked writes unsanitized value to /run/wicked/leaseinfo.*
C2
netconfig parses broken key='value' line
Execute
Shell metacharacters execute as netconfig
Impact
Command execution on target host

Vulnerability AssessmentAI

Exploitation Attacker must be on the same Layer 2 broadcast domain as the victim (AV:A) and able to win the DHCP race or be the sole responder, e.g. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mostly consistent: CVSS 3.1 vector AV:A/AC:L/PR:N/UI:N with C:H/I:H/A:H gives an 8.8 base, matching a root-level command-injection class flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker joins the victim's broadcast domain - for example a conference Wi-Fi or a compromised VLAN - and runs a rogue DHCP server that responds with option values containing embedded single quotes followed by shell metacharacters. When a SUSE host running wicked < 0.6.79 acquires or renews its lease, wicked writes the unsanitized value into /run/wicked/leaseinfo.*, netconfig parses the broken key='value' line, and the attacker's payload is executed in the netconfig context on the target.
Remediation Vendor-released patch: wicked 0.6.79 - upgrade via the SUSE SLE security updates published in June 2026 (lists.suse.com/pipermail/sle-security-updates/2026-June/026688.html through 026691.html) or by pulling the openSUSE/wicked version-0.6.79 tag. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all systems running wicked DHCP client before version 0.6.79; implement DHCP snooping and port security controls on network switches. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Important
Product Status
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Fixed

Share

EUVD-2026-37127 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy