Back to overview

CVE-2026-14258

MEDIUM Exploitation: PoC
6.5
CVSS 3.1
Description
A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service.

Metadata

CVE ID
CVE-2026-14258
State
PUBLISHED
Assigner
redhat
Reserved
2026-06-30 15:57 UTC
Published
2026-07-01 09:24 UTC
Last updated
2026-07-01 12:20 UTC
Primary CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
Vendor / Product
Red Hat / Red Hat Enterprise Linux 10
Sources
cve.org  ·  NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Red Hat Red Hat Enterprise Linux 10
Weakness (CWE)
CWESourceDescription
CWE-835 cna Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS scores (1)
ScoreSeverityVersionSourceVector
6.5 MEDIUM 3.1 cna CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Back to overview