PatchSiren cyber security CVE debrief
CVE-2026-44932 SUSE CVE debrief
CVE-2026-44932 is a HIGH severity vulnerability with a CVSS score of 8.8. The vulnerability exists in the wicked DHCP client before version 0.6.79, where unsanitized strings from DHCP replies can be used by attackers operating a malicious DHCP server to execute code on the local machine. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
- Vendor
- SUSE
- Product
- wicked
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-18
Who should care
Users of wicked DHCP client before version 0.6.79 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by the passing of unsanitized strings from DHCP replies into the wicked DHCP client. This can be exploited by attackers operating a malicious DHCP server to execute code on the local machine.
Defensive priority
HIGH
Recommended defensive actions
- Update wicked to version 0.6.79 or later.
- Use a secure DHCP server.
- Monitor network traffic for suspicious activity.
Evidence notes
The vendor is listed as Unknown Vendor, but evidence suggests the product is related to Suse.
Official resources
CVE-2026-44932 was published on 2026-06-16T17:16:40.953Z and last modified on 2026-06-16T17:37:16.933Z.