wid-sec-w-2026-0887
·
Published 2026-03-26
·
View on BSI CERT-Bund ↗
Internet Systems Consortium Kea: Vulnerability allows Denial of Service
CVSS 7.5
HIGH
Risk Summary
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.
CVEs (1)
Affected Vendors
Fedora
Internet Systems Consortium
Red Hat
SUSE
Affected Products (4)
Internet Systems Consortium
·
Kea
<2.6.5
Internet Systems Consortium
·
Kea
2.6.5
Internet Systems Consortium
·
Kea
<3.0.3
Internet Systems Consortium
·
Kea
3.0.3
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more