ISC Kea
10 CVEs affecting ISC Kea. Latest disclosed: 2026-03-25. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-32801 | High | 7.8 | 2025-05-28 | Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unse… |
| CVE-2026-3608 | High | 7.5 | 2026-03-25 | Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can c… |
| CVE-2025-11232 | High | 7.5 | 2025-10-29 | To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-… |
| CVE-2025-40779 | High | 7.5 | 2025-08-27 | If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort w… |
| CVE-2015-8373 | Medium | 6.8 | 2015-12-22 | The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of serv… |
| CVE-2019-6473 | Medium | 6.5 | 2019-10-16 | An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected… |
| CVE-2019-6472 | Medium | 6.5 | 2019-10-16 | A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0… |
| CVE-2025-32802 | Medium | 6.1 | 2025-05-28 | Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as ro… |
| CVE-2019-6474 | Medium | 5.7 | 2019-10-16 | A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as in… |
| CVE-2025-32803 | Medium | 4.0 | 2025-05-28 | In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through… |