CVE-2026-48564 – DHCP Server Service Remote Code Execution Vulnerability

CVSS 8.8 IMPORTANT Critical or Zero Day – Immediate Deployment

“A single crafted RPC request can turn a trusted DHCP server into a powerful foothold for an attacker.”

A heap-based buffer overflow vulnerability in the Windows DHCP Server allows an authenticated attacker to execute code over a network. An attacker with low privileges can send a specially crafted RPC call to the DHCP service and potentially trigger memory corruption. Successful exploitation could allow arbitrary code execution with serious consequences for the confidentiality, integrity, and availability of the affected server.

CVSS Score: 8.8

SEVERITY: Critical

THREAT:
This vulnerability affects the Windows DHCP Server Service, a core infrastructure component used to provide network configuration to clients. A successful attack could allow an authenticated attacker to execute code remotely, compromise the DHCP server, disrupt network operations, or use the system as a foothold for further attacks.

EXPLOITS:
The vulnerability was not publicly disclosed at the time of publication. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the available information does not confirm the existence of publicly available proof-of-concept exploit code.

TECHNICAL SUMMARY:
The vulnerability is caused by a heap-based buffer overflow (CWE-122) in the Windows DHCP Server. An authenticated attacker can send a specially crafted RPC call to the DHCP service, causing improper memory handling and potential memory corruption. The CVSS v3.1 metrics indicate a network attack vector, low attack complexity, low privileges required, and no user interaction. Successful exploitation could result in high impact to confidentiality, integrity, and availability.

EXPLOITABILITY:
Affected products include Windows 10 versions 1607 and 1809, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025, including affected Server Core installations. Exploitation requires an authenticated attacker with low privileges who can send a crafted RPC request to the DHCP service.

BUSINESS IMPACT:
DHCP servers are essential to enterprise networking. Successful exploitation could allow attackers to gain control of a critical infrastructure server, disrupt IP address assignment and network connectivity, deploy malware, access sensitive systems, or move laterally through the environment.

WORKAROUND:
No mitigations or workarounds are available.

URGENCY:
This vulnerability should be treated as a high priority because it is rated Critical with a CVSS v3.1 Base Score of 8.8. The flaw is remotely exploitable, requires only low privileges, needs no user interaction, and affects a core enterprise network service.

Key Details

Affected Product
Microsoft Windows 10 1607
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
CWE Classification
CWE-122
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.