
Internet Systems Consortium Kea Vulnerability Allows Denial of Service

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 26th, 2026
Detected March 28th, 2026

Summary

CERT-Bund has issued a security advisory regarding a vulnerability in Internet Systems Consortium Kea, a DHCP server implementation. The vulnerability, with a CVSS base score of 7.5, allows remote attackers to cause a denial of service. Affected versions include Kea <2.6.5 and <3.0.3.

What changed

CERT-Bund has released a security advisory (WID-SEC-2026-0887) detailing a vulnerability in Internet Systems Consortium (ISC) Kea, an open-source DHCP server. The vulnerability, rated with a CVSS base score of 7.5 (high), allows a remote, anonymous attacker to cause a denial of service (DoS) condition. Affected versions are ISC Kea prior to 2.6.5 and prior to 3.0.3.

Organizations utilizing ISC Kea should immediately review their installed versions. Mitigation is available, and affected users are strongly advised to update to a patched version or implement available workarounds to prevent potential service disruptions. The advisory highlights the need for prompt patching to maintain network stability and security.

What to do next

  1. Review installed versions of Internet Systems Consortium Kea
  2. Update ISC Kea to a patched version (>= 2.6.5 or >= 3.0.3)
  3. Implement available mitigations if immediate update is not possible

Source document (simplified)

[WID-SEC-2026-0887] Internet Systems Consortium Kea: Vulnerability allows denial of service

  • CVSS Base Score: 7.5 (high)
  • CVSS Temporal Score: 6.5 (medium)
  • Remote attack: yes
  • Date: 26.03.2026
  • Last updated: 27.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • UNIX

Product description

Internet Systems Consortium (ISC) Kea is an open-source DHCP server implementation.

Products

26.03.2026

  • Internet Systems Consortium Kea <2.6.5
  • Internet Systems Consortium Kea <3.0.3

Attack

A remote, anonymous attacker can exploit a vulnerability in Internet Systems Consortium Kea to carry out a denial-of-service attack.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

  • Agency: CERT-Bund
  • Published: March 26th, 2026
  • Instrument: Notice
  • Legal weight: Non-binding
  • Stage: Final
  • Change scope: Substantive
  • Document ID: WID-SEC-2026-0887

Who this affects

  • Industry sector: 5170 Telecommunications; 5182 Data Processing & Hosting
  • Activity scope: DHCP Services; Network Infrastructure Management
  • Geographic scope: Germany (DE)

Taxonomy

  • Primary area: Cybersecurity
  • Operational domain: IT Security
  • Compliance frameworks: NIST CSF
  • Topics: Network Security; Vulnerability Management
