A vulnerability classified as problematic was found in barebox up to 2026.04.0 . The impacted element is the function dhcp_message_type of the component DHCP Handler . Executing a manipulation can lead to out-of-bounds read. This vulnerability appears as CVE-2026-34960 . The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.