CVE-2026-14258
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service.
Risk Assessment
An attacker can remotely overwhelm the target system by sending a single crafted IPv6 packet, leading to CPU exhaustion and disruption of network services.
Recommendation
Immediately update dhcpcd to the latest patched version. If an update is not possible, consider temporarily disabling IPv6 Router Advertisement processing or applying firewall rules to block suspicious packets.
Original NVD description (English source)
A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service.

