Zero Day Monitor (ZDM)
CVE-2026-14258 · EXPLOITED · 6.5
Red Hat · Red Hat Enterprise Linux

Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length IPv6 ND option in Router Advertisement handling

Description

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service.
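
An added example, not code from dhcpcd or from this page: a minimal C walker for the options area of a Router Advertisement that applies the same length checks on every pass, so a zero-length option is rejected instead of stalling the loop. The function name `nd_opts_walk` and the sample buffers are assumptions constructed for illustration; the option layout is that of RFC 4861.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ND option header (RFC 4861, section 4.6): 1-byte type, then 1-byte length
 * counted in units of 8 octets, header included. A length of 0 is invalid. */
#define ND_OPT_HDR_LEN 2u
#define ND_OPT_UNIT    8u

/* Hypothetical helper, not a dhcpcd function: walk the options area of a
 * Router Advertisement. Returns the option count, or -1 if malformed.
 * Each iteration either rejects the buffer or advances by at least 8 bytes. */
int nd_opts_walk(const uint8_t *opts, size_t len)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        if (len - off < ND_OPT_HDR_LEN)   /* header must be fully present */
            return -1;
        size_t olen = (size_t)opts[off + 1] * ND_OPT_UNIT;
        if (olen == 0)                    /* would leave 'off' unchanged */
            return -1;
        if (olen > len - off)             /* body would run past the buffer */
            return -1;
        off += olen;
        count++;
    }
    return count;
}

/* Constructed sample option areas (not captured traffic). */
static const uint8_t opts_ok[16]   = {1, 1, 0, 0, 0, 0, 0, 0,  5, 1, 0, 0, 0, 0, 0, 0};
static const uint8_t opts_zero[16] = {1, 1, 0, 0, 0, 0, 0, 0,  5, 0, 0, 0, 0, 0, 0, 0};
static const uint8_t opts_over[8]  = {3, 4, 0, 0, 0, 0, 0, 0}; /* claims 32 bytes */

int main(void)
{
    printf("ok=%d zero=%d over=%d\n",
           nd_opts_walk(opts_ok, sizeof opts_ok),
           nd_opts_walk(opts_zero, sizeof opts_zero),
           nd_opts_walk(opts_over, sizeof opts_over));
    return 0;
}
```

Running the same check both when a packet is stored and whenever it is parsed again keeps a later pass from trusting data that an earlier pass let through.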

Affected Products

Vendor | Product | Versions
Red Hat | Red Hat Enterprise Linux | —

References

  • https://access.redhat.com/security/cve/CVE-2026-14258 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2462305 (issue-tracking, x_refsource_REDHAT)
  • https://github.com/NetworkConfiguration/dhcpcd/commit/75289ca
  • https://github.com/NetworkConfiguration/dhcpcd/issues/415

Related News (2 articles)

Tier A · Microsoft MSRC · 2h ago
CVE-2026-14258 Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling
→ No new info (linked only)

Tier C · VulDB · 1d ago
CVE-2026-14258 | Red Hat Enterprise Linux 10 Router Advertisement infinite loop (ID 415)
→ No new info (linked only)

CVSS 3.1: 6.5 NONE
CISA KEV: ❌ No
Actively exploited: ✅ Yes
CWE: CWE-835
Published: Jul 1, 2026
Last enriched: 1d ago (v2)
Tags: remote code execution, file manipulation, denial of service, multiple vulnerabilities
Trending Score: 59
Source articles: 2
Independent: 2
Info Completeness: 7/14
Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-55628 · EXP
ImageMagick: Policy Bypass in concatenate operation due to missing checks
Trending: 52

HIGH · CVE-2026-12505 · EXP
Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall
Trending: 39

NONE · CVE-2026-54369 · EXP
acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions
Trending: 37

NONE · CVE-2026-58013 · EXP
Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
Trending: 36

NONE · CVE-2026-12388 · EXP
Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper
Trending: 35

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

Jul 1, 2026: CVE Published
Jul 1, 2026: Discovered by ZDM
Jul 1, 2026: Updated: description, affectedVersions, severity
Jul 1, 2026: Actively Exploited
Jul 1, 2026: Exploit Available

Version History

v2 · Tier C · 1d ago (via VulDB)
Updated product to 'Red Hat Enterprise Linux 10', changed severity to HIGH, and provided a more detailed description of the vulnerability.
Changed fields: description, affectedVersions, severity

v1 · 1d ago
Initial creation