PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-56117 NetworkConfiguration CVE debrief

CVE-2026-56117 is a medium-severity vulnerability in dhcpcd, a popular DHCP client. The vulnerability allows local attackers to trigger memory corruption via a heap use-after-free condition in the control socket handling. This occurs when an attacker connects to the control socket and sends a privileged command, causing the client object to be freed while a subsequent READ+HANGUP event is processed with a stale pointer. The vulnerability is exploitable in deployments using --disable-privsep or where privilege separation initialization has failed with the control socket operating in mode 0666. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.7, indicating a medium severity level. The vulnerability was publicly disclosed on June 23, 2026, and the CVE record was last modified on June 24, 2026.

Vendor: NetworkConfiguration
Product: dhcpcd
CVSS: MEDIUM 5.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-24
Advisory published: 2026-06-23
Advisory updated: 2026-06-24

Who should care

System administrators and security teams responsible for managing and securing systems that use dhcpcd should be aware of this vulnerability. This includes Linux distributions, network administrators, and organizations that rely on dhcpcd for dynamic host configuration. Additionally, security researchers and penetration testers may be interested in this vulnerability for testing and validation purposes.

Technical summary

The vulnerability is caused by a heap use-after-free condition in the control socket handling within src/control.c of dhcpcd. When an attacker connects to the control socket and sends a privileged command, such as -x, it triggers control_recvdata() to free the client object. If a subsequent READ+HANGUP event reaches control_hangup() with the stale pointer, it results in a use-after-free condition. This vulnerability can be exploited in deployments where privilege separation is disabled (--disable-privsep) or where privilege separation initialization has failed, and the control socket operates in mode 0666.
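The sequencing problem above, as an added illustration that is not dhcpcd's own code: a hypothetical event loop receives READ and HANGUP for the same descriptor in one pass, the read handler may free the client (as a privileged command does in the report), and the hardened dispatcher re-looks the client up by descriptor before delivering HANGUP so a freed object is never touched again. All names (client_find, dispatch_hardened, on_read, on_hangup) are assumptions for this example.

```c
/* Added example, not dhcpcd source: models a READ+HANGUP delivered together
 * where the READ handler frees the client, and shows the safe dispatch order. */
#include <stdlib.h>
#include <string.h>

#define EV_READ   1
#define EV_HANGUP 2

struct client { int fd; struct client *next; };
static struct client *clients;   /* hypothetical list of control-socket clients */
int hangups_delivered = 0;       /* counts HANGUPs delivered to live clients only */

struct client *client_add(int fd) {
    struct client *c = calloc(1, sizeof *c);
    c->fd = fd; c->next = clients; clients = c;
    return c;
}
struct client *client_find(int fd) {
    for (struct client *c = clients; c; c = c->next)
        if (c->fd == fd) return c;
    return NULL;
}
void client_free(struct client *c) {
    struct client **pp = &clients;         /* unlink before freeing */
    while (*pp && *pp != c) pp = &(*pp)->next;
    if (*pp) *pp = c->next;
    free(c);
}
/* Stand-in for control_recvdata(): a privileged command releases the client. */
void on_read(struct client *c, const char *cmd) {
    if (strcmp(cmd, "-x") == 0) client_free(c);
}
/* Stand-in for control_hangup(): must only ever see a live client. */
void on_hangup(struct client *c) { hangups_delivered++; client_free(c); }

/* Vulnerable shape (not executed here): keep the pointer from before on_read()
 * and pass it to on_hangup(); if on_read() freed it, that is the use-after-free.
 * Hardened shape: re-validate by descriptor after the read handler runs.
 * Returns 1 when HANGUP was delivered, 0 when the client was already gone. */
int dispatch_hardened(int fd, int events, const char *cmd) {
    struct client *c = client_find(fd);
    if (!c) return 0;
    if (events & EV_READ) on_read(c, cmd);
    if (events & EV_HANGUP) {
        c = client_find(fd);               /* may have been freed by on_read() */
        if (!c) return 0;
        on_hangup(c);
        return 1;
    }
    return 0;
}
```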

Defensive priority

Apply patches or updates to dhcpcd version 10.3.3 or later, which includes the fix for this vulnerability. If an update cannot be applied yet, run dhcpcd with privilege separation enabled and confirm that the control socket is not left in mode 0666 (readable and writable by every local user).

Recommended defensive actions

  • Apply patches or updates to dhcpcd version 10.3.3 or later.
  • Enable privilege separation if not already in use.
  • Restrict access to the control socket to prevent unauthorized connections.
  • Monitor systems for suspicious activity related to dhcpcd.
  • Perform regular vulnerability assessments and penetration testing to identify potential exploitation vectors.

Evidence notes

The CVE record and NVD detail provide official information about the vulnerability. Additional sources, including Vulncheck, have analyzed and disclosed details about the vulnerability. The vulnerability has been fixed in commit 78ea09e of dhcpcd.

Official resources

This article is AI-assisted and based on the supplied source corpus.