Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
The vulnerability consists of a stack-based buffer overflow (CWE-121) in the Windows DHCP Client component. An attacker can send specially crafted network packets to a vulnerable DHCP client without requiring any authentication. The stack overflow allows overwriting process control data and redirecting execution to code supplied by the attacker. The lack of user interaction requirements and special privileges makes the attack fully automated.
An attacker can gain full control over a vulnerable system through remote code execution (RCE) from the network level, which may lead to breach of confidentiality, integrity, and availability of the system.
Patches available from the manufacturer should be applied according to the references — detailed information about available updates can be found in the Microsoft Security Response Center at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44815. Until the patch is deployed, it is recommended to limit network exposure of vulnerable systems and monitor DHCP traffic on the network.
Microsoft Windows systems with active DHCP Client component — specific versions indicated in the manufacturer's references (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44815)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows 10 1607
OSMicrosoft< 10.0.14393.9234Microsoft Windows 10 1809
OSMicrosoft< 10.0.17763.8880Microsoft Windows 10 21h2
OSMicrosoft< 10.0.19044.7417Microsoft Windows 10 22h2
OSMicrosoft< 10.0.19045.7417Microsoft Windows 11 23h2
OSMicrosoft< 10.0.22631.7219Microsoft Windows 11 24h2
OSMicrosoft< 10.0.26100.8655Microsoft Windows 11 25h2
OSMicrosoft< 10.0.26200.8655Microsoft Windows 11 26h1
OSMicrosoft< 10.0.28000.2269Microsoft Windows Server 2012
OSMicrosoftr2Microsoft Windows Server 2016
OSMicrosoft< 10.0.14393.9234Microsoft Windows Server 2019
OSMicrosoft< 10.0.17763.8880Microsoft Windows Server 2022
OSMicrosoft< 10.0.20348.5256Microsoft Windows Server 2025
OSMicrosoft< 10.0.26100.32995
Related vulnerabilities
RCE w Windows Server Update Service (WSUS) — deserializacja danych
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...
Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows S...