Tracked as CVE-2026-3608, this flaw allows unauthenticated remote attackers to trigger a stack overflow error.
When successfully exploited, the vulnerability causes the receiving daemon to crash, resulting in a sudden and total loss of DHCP services across the network.
The vulnerability exists in how Kea daemons process incoming messages over specific listening channels.
An attacker can exploit this weakness by sending a maliciously crafted message over any configured API socket or High Availability (HA) listener.
Because the incoming payload is not handled correctly by the software, a stack overflow occurs, forcing the service to terminate unexpectedly.
This issue impacts multiple core components of the Kea architecture. The advisory explicitly notes that the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, and kea-dhcp6 daemons are all susceptible to this attack.
Ali Norouzi from Keysight is credited with discovering and responsibly reporting the issue to the ISC. Carrying a CVSS v3.1 score of 7.5, CVE-2026-3608 represents a significant threat to network stability.
The vulnerability requires zero user interaction and no elevated privileges, meaning any bad actor with network access to the API sockets can trigger the crash.
The primary consequence of this exploit is a severe denial-of-service condition.
When the Kea daemons exit, the network immediately loses its DHCP capabilities, which can disrupt IP address assignment, break network connectivity for new devices, and severely impact enterprise operations.
Fortunately, the ISC has stated that they are currently unaware of any active exploits in the wild.
To permanently resolve this vulnerability, the ISC strongly advises organizations to immediately upgrade their Kea deployments to the latest patched releases.
Administrators running the 2.6 branch should update to Kea 2.6.5, while those on the 3.0 branch must update to Kea 3.0.3 to secure their environments against potential denial-of-service attacks.
For network administrators who are unable to patch their systems right away, the ISC has provided an effective temporary workaround.
Organizations can block the exploitation path by securing their API sockets with Transport Layer Security (TLS) and enforcing strict mutual authentication.
By configuring the server to require a valid client certificate, administrators ensure that an attacker cannot establish the initial API connection required to deliver the malicious payload.
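As an added illustration of that workaround (not code from the advisory or from ISC), the constructed kea-ctrl-agent configurations below show an API listener with no TLS beside the same listener hardened with TLS and a mandatory client certificate, plus a small audit function a defender can run over a Kea config file to catch the weak form. It assumes the Kea Control-agent keys trust-anchor, cert-file, key-file and cert-required, with cert-required defaulting to true as the Kea documentation describes; certificate paths and the listen address are placeholders, and HA listeners are not covered.

```python
import json

# Constructed sample: an API listener that speaks plain HTTP. Anyone who can
# reach 10.0.0.5:8000 can open a connection and deliver a message.
WEAK_CONFIG = """
{
  "Control-agent": {
    "http-host": "10.0.0.5",
    "http-port": 8000
  }
}
"""

# Same listener hardened as the workaround recommends: TLS on the socket and a
# client certificate required before any API message is accepted.
# Certificate paths are placeholders.
HARDENED_CONFIG = """
{
  "Control-agent": {
    "http-host": "10.0.0.5",
    "http-port": 8000,
    "trust-anchor": "/etc/kea/certs/ca-cert.pem",
    "cert-file": "/etc/kea/certs/agent-cert.pem",
    "key-file": "/etc/kea/certs/agent-key.pem",
    "cert-required": true
  }
}
"""


def audit_control_agent(config_text):
    """Return a list of findings for the Control-agent API listener.

    An empty list means TLS with mutual authentication is configured.
    """
    agent = json.loads(config_text).get("Control-agent", {})
    findings = []
    if "trust-anchor" not in agent:
        findings.append("no trust-anchor: TLS is not enabled on the API socket")
    for key in ("cert-file", "key-file"):
        if key not in agent:
            findings.append(f"missing {key}: agent has no server certificate")
    # cert-required defaults to true once TLS is on (assumed per Kea docs), so
    # only an explicit false leaves clients unauthenticated.
    if agent.get("cert-required", True) is False:
        findings.append("cert-required is false: clients are not authenticated")
    return findings
```

Run the function over your own kea-ctrl-agent.conf; the hardened sample yields no findings, the weak one three.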
The post ISC Warns of High-Severity Kea DHCP Flaw That Can Crash Services Remotely appeared first on Cyber Security News.