CVE-2026-44815 – DHCP Client Service Remote Code Execution Vulnerability

CVE-2026-44815 is a Critical remote code execution vulnerability in the Windows DHCP Client caused by a stack-based buffer overflow. An attacker could send specially crafted network traffic to a system configured for DHCP services. Successful exploitation could allow unauthorized code execution over the network with high impact to confidentiality, integrity, and availability.

CVSS Score: 9.8
SEVERITY: Critical
THREAT:
This vulnerability is dangerous because it is network-accessible, has low attack complexity, and requires no privileges or user interaction according to the CVSS v3.1 metrics. Crafted DHCP-related traffic could trigger memory corruption and lead to remote code execution.

EXPLOITS:
Publicly Disclosed: No.
Exploited: No.
Exploitability Assessment: Exploitation Less Likely.
No public exploit, zero-day exploitation, or proof-of-concept code is confirmed in the provided data.

TECHNICAL SUMMARY:
CVE-2026-44815 is caused by a stack-based buffer overflow, identified as CWE-121, in Windows DHCP Client. Stack-based buffer overflows occur when data exceeds the expected memory boundary on the stack, which can corrupt execution flow and potentially allow attacker-controlled code to run. The CVSS v3.1 metrics show network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, and high impact to confidentiality, integrity, and availability.

EXPLOITABILITY:
Affected software includes Windows 10 versions 1607, 1809, 21H2, and 22H2; Windows 11 versions 23H2, 24H2, 25H2, and 26H1; Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025, including listed Server Core installations.
Exploitation can occur through specially crafted network traffic sent to affected DHCP-related services.

BUSINESS IMPACT:
This vulnerability creates serious risk because DHCP is a core network function. Successful exploitation could lead to server compromise, malware deployment, data theft, service disruption, and movement deeper into the network. Systems handling DHCP traffic should be treated as high-priority patch targets.

WORKAROUND:
No mitigations or workarounds are listed.
Where patching is delayed, restrict unnecessary DHCP exposure, monitor suspicious network traffic, and limit access to DHCP infrastructure from untrusted networks.

URGENCY:
This patch should be deployed urgently because the vulnerability is Critical, has a CVSS v3.1 score of 9.8, is network-accessible, and requires no user interaction or privileges based on the CVSS metrics. Even though exploitation is assessed as less likely, the possible impact is severe.