CVE-2026-54128 – Windows DHCP Client Remote Code Execution Vulnerability

CVSS 8.4 IMPORTANT Critical or Zero Day – Immediate Deployment

“A flaw in a core networking service can turn an everyday connection into the starting point for a serious system compromise.”

A use-after-free vulnerability in the Windows DHCP Client allows an unauthorized attacker to execute code locally. Successful exploitation could allow arbitrary code execution, potentially giving an attacker control over the affected system and enabling compromise of sensitive data, system integrity, and service availability.

CVSS Score: 8.4

SEVERITY: Critical

THREAT:
This vulnerability affects the Windows DHCP Client, a core networking component responsible for obtaining network configuration information. A successful attack could allow arbitrary code execution, enabling an attacker to install malware, steal sensitive information, alter system settings, or use the compromised device as a foothold for further attacks.

EXPLOITS:
The vulnerability was not publicly disclosed at the time of publication. Microsoft assesses exploitation as more likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the available information does not confirm the existence of publicly available proof-of-concept exploit code.

TECHNICAL SUMMARY:
The vulnerability is caused by a use-after-free condition (CWE-416) in the Windows DHCP Client. The flaw occurs when the component accesses memory after it has already been released, creating memory corruption conditions that may allow arbitrary code execution. The CVSS v3.1 metrics identify a local attack vector, low attack complexity, no privileges required, and no user interaction. Successful exploitation has high impact on confidentiality, integrity, and availability.

EXPLOITABILITY:
Affected products include supported editions of Windows 10 versions 1607, 1809, 21H2, and 22H2, Windows 11 versions 24H2, 25H2, and 26H1, and Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025, including affected Server Core installations. The available information does not describe the exact exploitation sequence beyond confirming local code execution.

BUSINESS IMPACT:
Because the DHCP Client is a fundamental Windows networking service, successful exploitation could result in endpoint compromise, unauthorized access to business data, malware deployment, service disruption, and lateral movement within enterprise environments.

WORKAROUND:
No mitigations or workarounds are available.

URGENCY:
This vulnerability should be prioritized because it is rated Critical with a CVSS v3.1 Base Score of 8.4. Microsoft assesses exploitation as more likely, and successful exploitation can result in arbitrary code execution with high impact on confidentiality, integrity, and availability.

Key Details

Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-416
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.