CVE-2026-50518 – Windows DHCP Server Remote Code Execution Vulnerability
“When a critical network service accepts malicious traffic, one packet can become the gateway to a full server compromise.”
A heap-based buffer overflow vulnerability in the Windows DHCP Server allows an unauthorized attacker to execute arbitrary code over the network. By sending specially crafted network requests containing malicious domain name data, an attacker can trigger memory corruption due to improper validation of incoming data. Because DHCP servers are core infrastructure services that support enterprise networking, successful exploitation could have a significant impact across the environment.
CVSS Score: 9.8
SEVERITY: Critical
THREAT:
This vulnerability affects the Windows DHCP Server, a critical infrastructure service responsible for providing IP address assignment and network configuration to client systems. Successful exploitation could allow an unauthenticated attacker to remotely execute arbitrary code, potentially leading to complete server compromise, disruption of network services, and further attacks against connected systems.
EXPLOITS:
The vulnerability was not publicly disclosed and was not known to be exploited at the time of publication. Microsoft rates exploitation as Exploitation More Likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and there is no confirmation of publicly available proof-of-concept (PoC) exploit code.
TECHNICAL SUMMARY:
The vulnerability is caused by a heap-based buffer overflow (CWE-122) in the Windows DHCP Server. According to Microsoft’s advisory, an attacker can exploit the flaw by sending specially crafted network requests containing malicious domain name data to a vulnerable server. Because the affected function does not correctly validate the size of incoming data, malformed input can corrupt memory, potentially allowing arbitrary code execution. The CVSS v3.1 metrics indicate that exploitation is network-based, requires low attack complexity, no privileges, and no user interaction, with the potential to impact confidentiality, integrity, and availability.
EXPLOITABILITY:
Affected products include Windows 10 versions 1607 and 1809, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025, including affected Server Core installations. An attacker can exploit the vulnerability remotely by sending specially crafted network requests to a vulnerable DHCP server.
BUSINESS IMPACT:
Compromising a DHCP server can have enterprise-wide consequences because it is a foundational network service. A successful attack could allow attackers to gain control of a critical server, disrupt client connectivity, establish persistence, move laterally through the environment, or deploy additional malicious payloads across the network.
WORKAROUND:
No mitigations or workarounds are available.
URGENCY:
This vulnerability requires immediate attention because it carries a Critical severity rating with a CVSS v3.1 Base Score of 9.8. It is remotely exploitable over the network without authentication or user interaction and affects a critical infrastructure service. Prompt deployment of the security update is essential to reduce the risk of server compromise.
Key Details
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-122