Internet Systems Consortium: ISC Issues Critical Warning Over Kea DHCP Vulnerability That Could Remotely Crash Services

Critical Kea DHCP Server Vulnerability Exposes Networks to DoS Attacks

The Internet Systems Consortium (ISC) has issued a high-severity security advisory for a stack overflow vulnerability (CVE-2026-3608) in its Kea DHCP server software, a widely used solution for IP address management in enterprise and ISP networks. Disclosed on March 25, 2026, the flaw carries a CVSS score of 7.5 and could allow unauthenticated remote attackers to crash critical network services, leading to a complete denial-of-service (DoS).

The vulnerability stems from improper handling of maliciously crafted messages sent via API sockets or High Availability (HA) listeners, triggering a stack overflow in multiple Kea daemons. Affected components include the control agent (kea-ctrl-agent), dynamic DNS updater (kea-dhcp-ddns), and both IPv4/IPv6 services (kea-dhcp4/kea-dhcp6). Exploitation results in an immediate DHCP service outage, preventing new devices from joining the network and disrupting lease renewals for existing clients.

Impacted versions include Kea 2.6.0–2.6.4 and 3.0.0–3.0.2. The flaw was discovered and reported by Ali Norouzi of Keysight. While no active exploits have been observed, the ISC urges administrators to upgrade to patched versions 2.6.5 or 3.0.3 immediately. For those unable to patch, securing API sockets with TLS mutual authentication (via `cert-required: true`) can mitigate the risk by blocking unauthenticated connections.
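The two questions an administrator needs answered first after reading this advisory are whether a given Kea install sits in the affected version ranges and whether its API socket is exposed without the mutual-TLS stop-gap. The following triage script is an added example written for this summary, not code from ISC or from the advisory. It assumes the Control Agent configuration keys `http-host`, `http-port`, `trust-anchor`, `cert-file`, `key-file` and `cert-required` under the top-level `Control-agent` object as documented in the Kea Administrator Reference Manual, and that `cert-required` defaults to true once TLS is configured; the sample version string and configuration files below are constructed, and the certificate paths are placeholders. HA hook listeners, which the advisory also names, are not inspected.

```python
"""Triage helper for the Kea advisory (CVE-2026-3608) summarised above.

Added example, not ISC's code. Two checks a defender wants answered fast:
  1. does a reported Kea version fall in the affected ranges the advisory
     names (2.6.0-2.6.4, 3.0.0-3.0.2), and what is the fixed release;
  2. does a kea-ctrl-agent.conf expose the API socket without TLS mutual
     authentication (the advisory's stop-gap is `cert-required: true`).

Assumptions not taken from the advisory: the Control Agent keys "http-host",
"http-port", "trust-anchor", "cert-file", "key-file" and "cert-required" under
the top-level "Control-agent" object (Kea ARM, TLS on the control channel),
and that cert-required defaults to true once TLS is configured.
HA hook listeners are not inspected here.
"""
import json
import re

# Inclusive ranges from the advisory and the patched release per branch.
AFFECTED_RANGES = [((2, 6, 0), (2, 6, 4)), ((3, 0, 0), (3, 0, 2))]
FIXED_VERSIONS = {(2, 6): (2, 6, 5), (3, 0): (3, 0, 3)}

TLS_KEYS = ("trust-anchor", "cert-file", "key-file")


def parse_version(text):
    """Pull (major, minor, patch) out of `kea-dhcp4 -v`-style output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version string in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True when the version lies inside one of the affected ranges."""
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(version):
    """Patched release on the same branch, or None for branches not listed."""
    return FIXED_VERSIONS.get(version[:2])


def audit_control_agent(config):
    """Return findings (strings) for a parsed kea-ctrl-agent.conf dict."""
    ca = config.get("Control-agent")
    if ca is None:
        return ["no Control-agent section found"]
    where = f"{ca.get('http-host', '?')}:{ca.get('http-port', '?')}"
    missing = [k for k in TLS_KEYS if k not in ca]
    if missing:
        return [f"API socket {where}: no TLS (missing {', '.join(missing)}); "
                "any client that can reach the port is unauthenticated"]
    # With TLS set up, cert-required defaults to true (assumption, see docstring).
    if ca.get("cert-required", True) is False:
        return [f"API socket {where}: TLS on but cert-required is false; "
                "clients are not authenticated"]
    return []


def run_audit(version_text, config_text):
    """Combine both checks into one report dict."""
    version = parse_version(version_text)
    affected = is_affected(version)
    return {
        "version": version,
        "affected": affected,
        "upgrade_to": fixed_version_for(version) if affected else None,
        "findings": audit_control_agent(json.loads(config_text)),
    }


# Constructed sample inputs (not captured from a real host).
SAMPLE_VERSION_OUTPUT = "2.6.3\n"
WEAK_CONFIG = json.dumps({"Control-agent": {"http-host": "0.0.0.0", "http-port": 8000}})
HARDENED_CONFIG = json.dumps({"Control-agent": {
    "http-host": "0.0.0.0", "http-port": 8000,
    "trust-anchor": "/etc/kea/ca.pem",          # placeholder paths
    "cert-file": "/etc/kea/agent-cert.pem",
    "key-file": "/etc/kea/agent-key.pem",
    "cert-required": True}})

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, run_audit(SAMPLE_VERSION_OUTPUT, cfg))
```

Run it against the output of `kea-dhcp4 -v` and the live `kea-ctrl-agent.conf`; a result with `affected` true and a non-empty `findings` list is the combination the advisory warns about, and the `upgrade_to` field names the patched release on the same branch.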

Source: https://gbhackers.com/isc-issues-critical-warning-over-kea-dhcp-vulnerability/

Internet Systems Consortium cybersecurity rating report: https://www.rankiteo.com/company/internet-systems-consortium

{
  "id": "INT1774592629",
  "linkid": "internet-systems-consortium",
  "type": "Vulnerability",
  "date": "3/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}

{
  "affected_entities": [
    {
      "customers_affected": "Enterprise and ISP networks using Kea DHCP server",
      "industry": "Technology/Networking",
      "name": "Internet Systems Consortium (ISC)",
      "type": "Software Vendor"
    }
  ],
  "attack_vector": "Remote, unauthenticated API sockets/HA listeners",
  "date_publicly_disclosed": "2026-03-25",
  "description": "The Internet Systems Consortium (ISC) has issued a high-severity security advisory for a stack overflow vulnerability (CVE-2026-3608) in its Kea DHCP server software, a widely used solution for IP address management in enterprise and ISP networks. The flaw could allow unauthenticated remote attackers to crash critical network services, leading to a complete denial-of-service (DoS). The vulnerability stems from improper handling of maliciously crafted messages sent via API sockets or High Availability (HA) listeners, triggering a stack overflow in multiple Kea daemons. Exploitation results in an immediate DHCP service outage, preventing new devices from joining the network and disrupting lease renewals for existing clients.",
  "impact": {
    "downtime": "Immediate DHCP service outage",
    "operational_impact": "Prevents new devices from joining the network; disrupts lease renewals for existing clients",
    "systems_affected": "Kea DHCP server (kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, kea-dhcp6)"
  },
  "post_incident_analysis": {
    "corrective_actions": "Patch vulnerability in versions 2.6.5 and 3.0.3; implement TLS mutual authentication for API sockets",
    "root_causes": "Improper handling of maliciously crafted messages via API sockets or High Availability (HA) listeners, leading to stack overflow"
  },
  "recommendations": "Upgrade to patched versions 2.6.5 or 3.0.3 immediately. For those unable to patch, secure API sockets with TLS mutual authentication (via `cert-required: true`).",
  "references": [
    { "source": "Internet Systems Consortium (ISC) Security Advisory" },
    { "source": "CVE-2026-3608" }
  ],
  "response": {
    "containment_measures": "Upgrade to patched versions 2.6.5 or 3.0.3; secure API sockets with TLS mutual authentication (cert-required: true)",
    "remediation_measures": "Upgrade to patched versions 2.6.5 or 3.0.3"
  },
  "title": "Critical Kea DHCP Server Vulnerability Exposes Networks to DoS Attacks",
  "type": "Denial-of-Service (DoS)",
  "vulnerability_exploited": "Stack overflow (CVE-2026-3608)"
}