
ISC Warns of High-Severity Kea DHCP Flaw That Can Crash Services Remotely

Cybersecurity News, Mar 27, 2026




The Internet Systems Consortium (ISC) has released a security advisory warning network administrators of a high-severity vulnerability affecting the Kea DHCP server. Tracked as CVE-2026-3608, the flaw allows unauthenticated remote attackers to trigger a stack overflow. When successfully exploited, the vulnerability causes the receiving daemon to crash, resulting in a sudden and total loss of DHCP service across the network.

Kea DHCP Vulnerability

The vulnerability exists in how Kea daemons process incoming messages on specific listening channels. An attacker can exploit it by sending a maliciously crafted message over any configured API socket or High Availability (HA) listener. Because the software does not handle the incoming payload correctly, a stack overflow occurs and the service terminates unexpectedly.

The issue affects multiple core components of the Kea architecture. The advisory explicitly notes that the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, and kea-dhcp6 daemons are all susceptible. Ali Norouzi from Keysight is credited with discovering and responsibly reporting the issue to the ISC.

Carrying a CVSS v3.1 score of 7.5, CVE-2026-3608 represents a significant threat to network stability. Exploitation requires no user interaction and no elevated privileges, meaning any bad actor with network access to the API sockets can trigger the crash.

The primary consequence is a severe denial-of-service condition. When the Kea daemons exit, the network immediately loses DHCP service, which can disrupt IP address assignment, break connectivity for new devices, and severely impact enterprise operations. Fortunately, the ISC has stated that it is currently unaware of any active exploitation in the wild.

Mitigations and Workarounds

To permanently resolve this vulnerability, the ISC strongly advises organizations to upgrade their Kea deployments to the latest patched releases immediately. Administrators running the 2.6 branch should update to Kea 2.6.5; those on the 3.0 branch must update to Kea 3.0.3 to secure their environments against potential denial-of-service attacks.

For administrators who cannot patch right away, the ISC has provided an effective temporary workaround. Organizations can block the exploitation path by securing their API sockets with Transport Layer Security (TLS) and enforcing strict mutual authentication. By configuring the server to require a valid client certificate, administrators ensure that an attacker cannot establish the initial API connection needed to deliver the malicious payload.
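As an added illustration of the workaround above (not taken from the advisory or from ISC's own documentation), the fragment below shows a kea-ctrl-agent configuration with the TLS and client-certificate settings that turn a plaintext API listener into a mutually authenticated one. The address, port and certificate paths are placeholders; the key names follow Kea's Control-agent syntax as I know it, and the annotations rely on Kea accepting `//` comments in its JSON configuration.

```json
// Added example: kea-ctrl-agent API socket hardened with TLS + client certs.
// All addresses and file paths here are placeholders, not values from the advisory.
{
  "Control-agent": {
    "http-host": "10.0.0.10",
    "http-port": 8000,

    // Weak state: with none of the four TLS keys below present, the agent
    // serves plaintext HTTP and any host that can reach 10.0.0.10:8000 can
    // open a connection and deliver a request body to the daemon.

    // Hardened state: "trust-anchor"/"cert-file"/"key-file" switch the
    // listener to HTTPS, and "cert-required": true makes the TLS handshake
    // fail for any client that does not present a certificate chaining to
    // the trust anchor, so an unauthenticated peer never gets to send a
    // message at all.
    "trust-anchor": "/etc/kea/tls/ca.pem",
    "cert-file": "/etc/kea/tls/ctrl-agent.pem",
    "key-file": "/etc/kea/tls/ctrl-agent.key",
    "cert-required": true,

    // Backend sockets to the DHCP daemons stay on local UNIX sockets,
    // which are reachable only by processes on this host.
    "control-sockets": {
      "dhcp4": { "socket-type": "unix", "socket-name": "/run/kea/kea4-ctrl-socket" },
      "dhcp6": { "socket-type": "unix", "socket-name": "/run/kea/kea6-ctrl-socket" }
    }
  }
}
```

The HA hook's listener takes the same trust-anchor, cert-file and key-file triple (its client-certificate switch is a separate hook parameter; check the version's hook documentation rather than assuming the name above), so the same CA and issuance process can cover both exposure paths the advisory names.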