PatchSiren cyber security CVE debrief
CVE-2026-56116 NetworkConfiguration CVE debrief
CVE-2026-56116 is a memory leak vulnerability in dhcpcd through 10.3.2, fixed in commit 708b4a5. An unauthenticated same-link attacker can cause denial of service by sending crafted Router Advertisements. The vulnerability is caused by the IPv6 Router Advertisement route information handling. Attackers can repeatedly send Router Advertisements containing Route Information options with a lifetime of zero, triggering unfreed allocations in routeinfo_findalloc() that cause linear memory exhaustion and eventual daemon crash. This issue has a CVSS score of 7.1 and is classified as HIGH severity. The CVE was published on 2026-06-23T17:17:09.410Z and last modified on 2026-06-23T18:18:10.367Z.
- Vendor: NetworkConfiguration
- Product: dhcpcd
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-23
- Original CVE updated: 2026-06-23
- Advisory published: 2026-06-23
- Advisory updated: 2026-06-23
Who should care
Network administrators and security teams responsible for managing dhcpcd installations should be aware of this vulnerability. Because it can be exploited by an unauthenticated same-link attacker, it is a significant concern for organizations whose dhcpcd instances sit on links shared with untrusted devices. The vulnerability's impact is limited to denial of service, but it could be used as a vector for further exploitation.
Technical summary
The vulnerability is located in the IPv6 Router Advertisement route information handling of dhcpcd. When an attacker sends a crafted Router Advertisement with a Route Information option that has a lifetime of zero, it triggers an unfreed allocation in the routeinfo_findalloc() function. This results in a memory leak that can cause linear memory exhaustion and eventually lead to a daemon crash. The CVSS vector for this vulnerability is CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
This vulnerability has a HIGH severity score and can be exploited by an unauthenticated attacker. Therefore, it is essential to prioritize patching or mitigating this vulnerability as soon as possible. Network administrators should review their dhcpcd installations and apply the necessary patches or updates.
Recommended defensive actions
- Apply the patch from commit 708b4a5 to dhcpcd installations.
- Implement network segmentation to limit the attack surface.
- Monitor dhcpcd logs for suspicious Router Advertisement activity.
- Consider implementing rate limiting for Router Advertisements.
- Perform regular vulnerability scans to detect potential exploitation attempts.
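For the monitoring item above, an added example (not code from the advisory or from the dhcpcd project) that counts Route Information options with a lifetime of zero per source in captured Router Advertisements. A lifetime of zero is also how RFC 4191 withdraws a route, so the sketch alerts on volume per window rather than on a single option. The function names, the threshold and the `(source, ICMPv6 bytes)` input shape are assumptions, and the sample packets are constructed.

```python
import struct
from collections import Counter

ND_ROUTER_ADVERT = 134    # ICMPv6 type (RFC 4861)
ND_OPT_ROUTE_INFO = 24    # Route Information option type (RFC 4191)
RA_HEADER_LEN = 16        # fixed RA fields before the options
THRESHOLD = 100           # assumed per-window alert threshold; tune per network

def zero_lifetime_rios(icmp6: bytes) -> int:
    """Count Route Information options with Route Lifetime 0 in one RA."""
    if len(icmp6) < RA_HEADER_LEN or icmp6[0] != ND_ROUTER_ADVERT:
        return 0
    count, off = 0, RA_HEADER_LEN
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(icmp6):
            break  # malformed or truncated option: stop parsing
        if opt_type == ND_OPT_ROUTE_INFO:
            (lifetime,) = struct.unpack_from("!I", icmp6, off + 4)
            count += int(lifetime == 0)
        off += opt_len
    return count

def flag_sources(packets, threshold=THRESHOLD):
    """packets: (source address, ICMPv6 bytes) pairs from one observation window."""
    totals = Counter()
    for src, data in packets:
        totals[src] += zero_lifetime_rios(data)
    return sorted(src for src, n in totals.items() if n >= threshold)

def build_sample_ra(lifetimes):
    """Constructed sample input: an RA carrying one /64 RIO per lifetime."""
    ra = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    for lifetime in lifetimes:
        ra += struct.pack("!BBBBI", ND_OPT_ROUTE_INFO, 2, 64, 0, lifetime)
        ra += bytes.fromhex("20010db800000001")  # documentation prefix 2001:db8:0:1::/64
    return ra

if __name__ == "__main__":
    window = [("fe80::a", build_sample_ra([0, 0, 0]))] * 40
    window.append(("fe80::b", build_sample_ra([0, 600])))
    print(flag_sources(window))
```

Feed it the ICMPv6 payloads (starting at the type byte) from whatever capture tooling is already deployed on the link.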
Evidence notes
The CVE-2026-56116 vulnerability was reported by VulnCheck and is publicly disclosed. The vulnerability affects dhcpcd versions up to 10.3.2 and is fixed in commit 708b4a5. The CVSS score for this vulnerability is 7.1, indicating a HIGH severity level. The vulnerability allows an unauthenticated same-link attacker to cause denial of service.
This article is AI-assisted and based on the supplied source corpus.