DHCP Client Service Remote Code Execution Vulnerability

Description

Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

Affected Products

Vendor	Product	Versions
Microsoft	Windows 10 Version 1607	10.0.14393.0, 10.0.17763.0, 10.0.19044.0, 10.0.19045.0, 10.0.22631.0, 10.0.22631.0, 10.0.26100.0, 10.0.26200.0, 10.0.28000.0, 6.2.9200.0, 6.2.9200.0, 6.3.9600.0, 6.3.9600.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.26100.0, 10.0.26100.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	windows 11 version 24h2	mitre_affected	90%
microsoft	windows server 2019 (server core installation)	mitre_affected	90%
microsoft	windows 11 version 23h2	mitre_affected	90%
microsoft	windows server 2016 (server core installation)	mitre_affected	90%
microsoft	windows 10 version 21h2	mitre_affected	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44815(vendor-advisory, patch)

Related News (3 articles)

Tier C

Qualys Blog1h ago

Microsoft and Adobe Patch Tuesday, June 2026 Security Update Review

→ No new info (linked only)

Tier C

VulDB4h ago

CVE-2026-44815 | Microsoft Windows up to Server 2025 DHCP Client Service stack-based overflow

→ No new info (linked only)

Tier A

Microsoft MSRC8h ago

CVE-2026-44815 DHCP Client Service Remote Code Execution Vulnerability

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

10.0.14393.923410.0.17763.888010.0.19044.741710.0.19045.741710.0.22631.721910.0.26100.865510.0.26200.865510.0.28000.22696.2.9200.261326.3.9600.2322810.0.20348.525610.0.26100.32995

CWECWE-121

PublishedJun 9, 2026

Last enriched5h agov2

Trending Score65

Source articles3

Independent3

Info Completeness9/14

Missing: title, epss, kev, iocs, mitre_attack