ISC Warns of High-Severity Kea DHCP Flaw That Can Crash Services Remotely

The Internet Systems Consortium (ISC) has published a security advisory warning network administrators of a high-severity vulnerability in the Kea DHCP server.

Tracked as CVE-2026-3608, the flaw lets an unauthenticated remote attacker trigger a stack overflow in a Kea daemon.

When exploited, the receiving daemon exits. If that daemon is kea-dhcp4 or kea-dhcp6, the network loses DHCP service until the process is restarted.

Kea DHCP Vulnerability

The vulnerability lies in how Kea daemons process incoming messages on their listening channels.

An attacker can trigger it by sending a specially crafted message to any configured API socket or High Availability (HA) listener.

Because the daemon does not handle the malformed message correctly, a stack overflow occurs and the process terminates.

This issue impacts multiple core components of the Kea architecture. The advisory explicitly notes that the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, and kea-dhcp6 daemons are all susceptible to this attack.

Ali Norouzi of Keysight is credited with discovering and responsibly reporting the issue to ISC. CVE-2026-3608 carries a CVSS v3.1 score of 7.5 and is a significant threat to network stability.

Exploitation requires no user interaction and no privileges: any attacker who can reach an affected API socket or HA listener over the network can crash the daemon.

The primary consequence is denial of service.

When the DHCP daemons exit, the network loses its DHCP capability: new devices cannot obtain addresses, existing leases are not renewed, and enterprise operations can be severely disrupted.

ISC states that it is not aware of any active exploitation of this vulnerability in the wild.

Mitigations and Workarounds

To resolve the vulnerability, ISC advises organizations to upgrade their Kea deployments to the patched releases without delay.

Administrators on the 2.6 branch should update to Kea 2.6.5, and those on the 3.0 branch should update to Kea 3.0.3. The running version can be confirmed with `kea-dhcp4 -v` or `kea-dhcp6 -v` after the upgrade.

For administrators who cannot patch immediately, ISC has provided a temporary workaround.

Organizations can block the exploitation path by securing their API sockets with Transport Layer Security (TLS) and requiring mutual authentication.

When the server is configured to require a valid client certificate, the TLS handshake fails before any request is parsed, so an attacker without a trusted certificate never gets to deliver the malicious message. This only protects channels that actually have TLS enabled; binding listeners to a management interface and restricting reachability with host firewall rules reduces exposure further, but neither measure replaces the upgrade.
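The following configuration fragments illustrate the workaround described above. They are an added example written for this article, not configuration from the ISC advisory or the Kea project: the addresses, ports, server names, certificate paths and hook library path are assumptions for illustration, and the `//` comments are permitted by Kea's configuration parser. The first fragment shows the exposed control agent listener, the second the same listener with TLS and a mandatory client certificate, and the third the equivalent settings for an HA relationship in the kea-dhcp4 configuration.

```json
// 1. Exposed: plain HTTP on a routable address, no client authentication.
//    Anyone who can reach 192.0.2.10:8000 can send the crafted message.
{
  "Control-agent": {
    "http-host": "192.0.2.10",
    "http-port": 8000,
    "control-sockets": {
      "dhcp4": { "socket-type": "unix", "socket-name": "/run/kea/kea4-ctrl-socket" }
    }
  }
}

// 2. Workaround: TLS with a mandatory client certificate on the same listener.
//    The handshake is rejected before any request body is parsed unless the
//    client presents a certificate signed by the trust anchor.
{
  "Control-agent": {
    "http-host": "192.0.2.10",
    "http-port": 8000,
    // CA that issued the certificates of every permitted API client (assumed path).
    "trust-anchor": "/etc/kea/tls/ca.crt",
    // This listener's own certificate and private key (assumed paths).
    "cert-file": "/etc/kea/tls/ctrl-agent.crt",
    "key-file": "/etc/kea/tls/ctrl-agent.key",
    // Require, not merely accept, a valid client certificate.
    "cert-required": true,
    "control-sockets": {
      "dhcp4": { "socket-type": "unix", "socket-name": "/run/kea/kea4-ctrl-socket" }
    }
  }
}

// 3. HA relationship (inside the kea-dhcp4 configuration): both peers speak
//    HTTPS, present their own certificate, and require one from the other side.
{
  "Dhcp4": {
    "hooks-libraries": [
      {
        "library": "/usr/lib/kea/hooks/libdhcp_ha.so",
        "parameters": {
          "high-availability": [
            {
              "this-server-name": "server1",
              "mode": "hot-standby",
              // Reject HA connections that do not present a trusted client certificate.
              "require-client-certs": true,
              "peers": [
                {
                  "name": "server1",
                  "url": "https://192.0.2.10:8001/",
                  "role": "primary",
                  "trust-anchor": "/etc/kea/tls/ca.crt",
                  "cert-file": "/etc/kea/tls/server1.crt",
                  "key-file": "/etc/kea/tls/server1.key"
                },
                {
                  "name": "server2",
                  "url": "https://192.0.2.11:8001/",
                  "role": "standby",
                  "trust-anchor": "/etc/kea/tls/ca.crt",
                  "cert-file": "/etc/kea/tls/server2.crt",
                  "key-file": "/etc/kea/tls/server2.key"
                }
              ]
            }
          ]
        }
      }
    ]
  }
}
```

After reloading, a quick check is that a plain `curl http://192.0.2.10:8000/` is refused and that `curl --cacert ca.crt https://192.0.2.10:8000/` without `--cert`/`--key` fails during the TLS handshake rather than returning an HTTP response; only a client presenting a certificate issued by the trust anchor should get through. Every listener on every affected daemon needs the same treatment, since a single unprotected socket leaves the crash reachable.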


The post ISC Warns of High-Severity Kea DHCP Flaw That Can Crash Services Remotely appeared first on Cyber Security News.
