Code Execution Vulnerability in Wicked DHCP Client by SUSE
CVE-2026-44932

8.8HIGH

Key Information:

Vendor

Suse
Status
Wicked
Vendor
CVE Published:
16 June 2026

What is CVE-2026-44932?

The Wicked DHCP Client, prior to version 0.6.79, is susceptible to code execution vulnerabilities due to unsanitized string handling from DHCP replies. Attackers leveraging malicious DHCP servers can exploit this flaw to execute arbitrary code on the target machine, compromising system integrity and security.

Affected Version(s)

wicked 0 < 0.6.79

References

https://bugzilla.suse.com/show_bug.cgi?id=1265221
issue-tracking
https://github.com/openSUSE/wicked/releases/tag/version-0...
release-notes
https://lists.suse.com/pipermail/sle-security-updates/202...
vendor-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Wolfgang Frisch using Claude Opus
.