ISC Kea Vulnerability Allows Remote Denial of Service
Summary
CERT-FR has issued an advisory regarding a remote denial-of-service vulnerability (CVE-2026-3608) in ISC Kea software. Affected versions include Kea 2.6.x prior to 2.6.5 and 3.0.x prior to 3.0.3. Users are advised to consult the vendor's security bulletin for patch information.
What changed
CERT-FR, the French national cybersecurity agency, has published an advisory (CERTFR-2026-AVI-0356) detailing a critical vulnerability, CVE-2026-3608, discovered in ISC Kea software. This vulnerability allows a remote attacker to cause a denial-of-service condition, potentially disrupting network services. The advisory specifically identifies Kea versions 2.6.x prior to 2.6.5 and 3.0.x prior to 3.0.3 as affected.
Organizations utilizing the affected versions of ISC Kea must immediately refer to the ISC BIND security bulletin (kb.isc.org/v1/docs/cve-2026-3608) for instructions on applying the necessary patches or updates. Failure to address this vulnerability could lead to service disruptions and potential security breaches. While no specific compliance deadline is stated, prompt remediation is strongly recommended to mitigate the risk of denial-of-service attacks.
What to do next
- Consult the ISC BIND security bulletin for patch information regarding CVE-2026-3608.
- Apply necessary patches or updates to ISC Kea versions 2.6.x prior to 2.6.5 and 3.0.x prior to 3.0.3.
- Review network configurations for potential exploitation vectors.
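
To triage which servers fall in the affected ranges, the following added example (not part of the CERT-FR advisory or ISC's tooling) classifies Kea version strings against the two ranges listed above. The function name `kea_status`, the host names, and the inventory are constructed for illustration; it assumes each version string comes from running `kea-dhcp4 -v` on the host.

```shell
#!/bin/sh
# Added example: classify Kea versions against CERTFR-2026-AVI-0356
# (affected: 2.6.x before 2.6.5 and 3.0.x before 3.0.3).

# kea_status VERSION -> prints affected | fixed | not-listed | unparsed
# (hypothetical helper name, not an ISC tool)
kea_status() {
    # Take the first MAJOR.MINOR.PATCH triple; ignore prefixes and build suffixes.
    ver=$(printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1) || true
    if [ -z "$ver" ]; then
        echo unparsed
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # First fixed patch level per branch, as given in the advisory.
    case "$major.$minor" in
        2.6) fixed_patch=5 ;;
        3.0) fixed_patch=3 ;;
        *)   echo not-listed; return 0 ;;  # advisory makes no statement
    esac
    if [ "$patch" -lt "$fixed_patch" ]; then
        echo affected
    else
        echo fixed
    fi
}

# Constructed inventory: host name and version string, not real data.
inventory='dhcp-a 2.6.4
dhcp-b 2.6.5
dhcp-c 3.0.2
dhcp-d 3.0.3
dhcp-e 2.4.1'

printf '%s\n' "$inventory" | while read -r host version; do
    printf '%-8s %-8s %s\n' "$host" "$version" "$(kea_status "$version")"
done
```

A `not-listed` result means only that the branch is outside the two ranges named in the advisory; check the vendor bulletin before treating such a host as unaffected.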
Archived snapshot
Mar 25, 2026: GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Prime Minister, S.G.D.S.N
Agence nationale de la sécurité des systèmes d'information
Paris, 25 March 2026
No. CERTFR-2026-AVI-0356
Case handled by: CERT-FR
CERT-FR Advisory
Subject: Vulnerability in ISC Kea
Document management
| Reference | CERTFR-2026-AVI-0356 |
| Title | Vulnerability in ISC Kea |
| Date of first version | 25 March 2026 |
| Date of latest version | 25 March 2026 |
| Source(s) | ISC BIND security bulletin cve-2026-3608 of 25 March 2026 |
A detailed version history is at the end of this document.
Risk
- Remote denial of service
Affected systems
- Kea versions 2.6.x prior to 2.6.5
- Kea versions 3.0.x prior to 3.0.3
Summary
A vulnerability has been discovered in ISC Kea. It allows an attacker to cause a remote denial of service.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Documentation
- ISC BIND security bulletin cve-2026-3608 of 25 March 2026
- https://kb.isc.org/v1/docs/cve-2026-3608
- CVE reference CVE-2026-3608
- https://www.cve.org/CVERecord?id=CVE-2026-3608
Detailed document history
- 25 March 2026: Initial version
About this page
Source document text, dates, docket IDs, and authority are extracted directly from CERT-FR.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.