Memory Leak Vulnerability in dhcpcd Affects Network Configuration
CVE-2026-56116

7.1HIGH

Key Information:

Vendor: Networkconfiguration
Status: Dhcpcd
Vendor: CVE Published:; 23 June 2026

🔔 Create Networkconfiguration Vulnerability Alert

What is CVE-2026-56116?

The dhcpcd service, utilized for network configuration, is susceptible to a memory leak vulnerability due to improper handling of IPv6 Router Advertisements. An unauthenticated attacker on the same link can exploit this vulnerability by sending specially crafted Router Advertisements. These advertisements can include Route Information options with a lifetime set to zero, resulting in unfreed memory allocations within the routeinfo_findalloc() function. This flawed memory management can lead to linear memory exhaustion, ultimately causing the daemon to crash and impacting network availability.

Affected Version(s)

dhcpcd 0 <= 10.3.2

dhcpcd 708b4a56bae080a5b18c2e0c4c6fbe103131a2b0

References

https://github.com/NetworkConfiguration/dhcpcd/commit/708...

patch

https://www.vulncheck.com/advisories/dhcpcd-memory-leak-d...

third-party-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
Jun 18, 2026

Credit

CuB3y0nd

VulnCheck

CVE-2026-56116 Data

JSON