CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-44815

CVSS 9.8v3.1pub. 2026-06-09upd. 2026-06-11

Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

🤖 AI Analysis
How it works

The vulnerability consists of a stack-based buffer overflow (CWE-121) in the Windows DHCP Client component. An attacker can send specially crafted network packets to a vulnerable DHCP client without requiring any authentication. The stack overflow allows overwriting process control data and redirecting execution to code supplied by the attacker. The lack of user interaction requirements and special privileges makes the attack fully automated.

Impact

An attacker can gain full control over a vulnerable system through remote code execution (RCE) from the network level, which may lead to breach of confidentiality, integrity, and availability of the system.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references — detailed information about available updates can be found in the Microsoft Security Response Center at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44815. Until the patch is deployed, it is recommended to limit network exposure of vulnerable systems and monitor DHCP traffic on the network.

Who is affected

Microsoft Windows systems with active DHCP Client component — specific versions indicated in the manufacturer's references (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44815)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Windows 10 1607

    OS
    Microsoft
    < 10.0.14393.9234
  • Microsoft Windows 10 1809

    OS
    Microsoft
    < 10.0.17763.8880
  • Microsoft Windows 10 21h2

    OS
    Microsoft
    < 10.0.19044.7417
  • Microsoft Windows 10 22h2

    OS
    Microsoft
    < 10.0.19045.7417
  • Microsoft Windows 11 23h2

    OS
    Microsoft
    < 10.0.22631.7219
  • Microsoft Windows 11 24h2

    OS
    Microsoft
    < 10.0.26100.8655
  • Microsoft Windows 11 25h2

    OS
    Microsoft
    < 10.0.26200.8655
  • Microsoft Windows 11 26h1

    OS
    Microsoft
    < 10.0.28000.2269
  • Microsoft Windows Server 2012

    OS
    Microsoft
    r2
  • Microsoft Windows Server 2016

    OS
    Microsoft
    < 10.0.14393.9234
  • Microsoft Windows Server 2019

    OS
    Microsoft
    < 10.0.17763.8880
  • Microsoft Windows Server 2022

    OS
    Microsoft
    < 10.0.20348.5256
  • Microsoft Windows Server 2025

    OS
    Microsoft
    < 10.0.26100.32995
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-59287CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE w Windows Server Update Service (WSUS) — deserializacja danych

CVE-2020-1350CRITICAL10.0⚠ KEVten sam produkt

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...

CVE-2020-1040CRITICAL9.0⚠ KEVten sam produkt

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...

CVE-2020-0646CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...

CVE-2017-8543CRITICAL9.8⚠ KEVten sam produkt

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows S...