CVE-2026-50370 – DHCP Server Service Remote Code Execution Vulnerability
“A vulnerability in a core network service can turn a trusted server into an attacker’s strongest foothold.”
A heap-based buffer overflow combined with improper input validation in the Windows DHCP Server Service allows an unauthorized attacker to execute arbitrary code over an adjacent network. By sending specially crafted network traffic to a vulnerable DHCP server, an attacker may trigger memory corruption that results in remote code execution. Because DHCP servers are fundamental to enterprise networking, compromising one could have significant operational and security consequences.
CVSS Score: 8.8
SEVERITY: Critical
THREAT:
This vulnerability affects the Windows DHCP Server Service, a critical network infrastructure component that provides IP address assignment and network configuration to clients. Successful exploitation could allow an attacker to execute arbitrary code on the DHCP server, potentially leading to full system compromise, disruption of network services, and further attacks against connected systems.
EXPLOITS:
The vulnerability was not publicly disclosed and was not known to be exploited at the time of publication. Microsoft rates exploitation as Exploitation More Likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and there is no confirmation of publicly available proof-of-concept exploit code.
TECHNICAL SUMMARY:
The vulnerability is caused by a heap-based buffer overflow (CWE-122) and improper input validation (CWE-20) in the Windows DHCP Server Service. According to Microsoft’s advisory, an attacker can exploit the flaw by sending specially crafted network traffic to a server configured as a DHCP Server, causing memory corruption that could lead to arbitrary code execution. The CVSS v3.1 metrics indicate the attack is performed from an adjacent network (AV:A), requires low attack complexity, no privileges, and no user interaction, with potential impact to confidentiality, integrity, and availability.
EXPLOITABILITY:
Affected products include Windows 10 versions 1607 and 1809, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025, including affected Server Core installations. Exploitation requires network access from the same network segment as the vulnerable DHCP server.
BUSINESS IMPACT:
A successful attack against a DHCP server could compromise a critical infrastructure service that supports enterprise networking. Attackers could gain control of the server, disrupt network operations, establish persistence, or use the compromised system as a launching point for lateral movement throughout the environment.
WORKAROUND:
No mitigations or workarounds are available.
URGENCY:
This vulnerability requires prompt deployment because it carries a Critical severity rating with a CVSS v3.1 Base Score of 8.8. Although exploitation is limited to an adjacent network, it requires no privileges or user interaction and targets a critical enterprise infrastructure service. Applying the security update reduces the risk of server compromise and network-wide impact.
Key Details
- Attack Vector
- Adjacent
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-20