Security
Windows DHCP Client CVE-2026-44815: unauthenticated RCE on every Windows host (CVSS 9.8)
- Category: Security
- Status: confirmed
- Sources: Threat-Modeling.com June Patch Tuesday, Secure Reading
- Summary: CVE-2026-44815 is a CVSS 9.8 stack-based buffer overflow (CWE-121) in the Windows DHCP Client Service. An attacker operating a rogue DHCP server on the same network segment can send a crafted DHCP response to trigger remote code execution with no credentials and no user interaction. The DHCP client service is present on every Windows installation. No in-the-wild exploitation is confirmed as of 2026-06-12. Patched in the June 2026 Windows cumulative update (KB5094126/KB5094125/KB5094128).
- Why it matters: Every Windows host on a network where an adversary controls a router or DHCP server is vulnerable; the low attack complexity makes this a practical lateral movement vector once any network access is obtained.