CVE Catalog

CVE-2026-44932

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.49%

38th percentile - higher than 38% of all known CVEs

Summary

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before version 0.6.79 could be exploited by attackers operating a malicious DHCP server to execute code on the local machine.

Risk Assessment

Attackers could gain remote access to the system, potentially leading to full control over the machine and data leakage.

Recommendation

It is recommended to update the wicked DHCP client to version 0.6.79 or later to mitigate this vulnerability.

Original NVD description (English source)

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS