CVE-2026-48564
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-48564, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to execute code over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_dhcp_server *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-48564 is a heap-based buffer overflow vulnerability in the Windows DHCP Server. This flaw allows an authorized attacker to execute arbitrary code over a network. A heap-based buffer overflow occurs when a program writes more data to a buffer than it can hold, corrupting memory and potentially allowing malicious code execution.

The vulnerability is classified as a remote code execution (RCE) issue, meaning an attacker could exploit it to run commands or software on the affected system without physical access. The attacker must be authorized, indicating they likely have some level of network access or credentials.

Impact Analysis

If you are using a Windows DHCP Server affected by this vulnerability, the impact could be severe. Here are potential consequences:

  • An attacker could gain full control over the affected DHCP server, allowing them to execute malicious code with elevated privileges.
  • The attacker could disrupt network services, leading to downtime or loss of connectivity for devices relying on the DHCP server for IP address assignment.
  • Sensitive data processed or stored by the DHCP server could be accessed, modified, or exfiltrated by the attacker.
  • The attacker could use the compromised server as a foothold to launch further attacks within the network, such as lateral movement or spreading malware.

Given the CVSS base score of 8.8 (Critical), this vulnerability poses a high risk to confidentiality, integrity, and availability of the affected system.

Compliance Impact

This vulnerability could have significant implications for compliance with various standards and regulations, depending on the context of your organization:

  • GDPR (General Data Protection Regulation): If the DHCP server processes or stores personal data of EU citizens, a successful exploit could lead to unauthorized access or disclosure of this data. This may violate GDPR requirements for data protection and breach notification, potentially resulting in fines or legal action.
  • HIPAA (Health Insurance Portability and Accountability Act): For organizations handling protected health information (PHI), exploitation of this vulnerability could compromise the confidentiality and integrity of PHI. This would violate HIPAA's Security Rule, which mandates safeguards for electronic PHI, and could lead to penalties.
  • PCI DSS (Payment Card Industry Data Security Standard): If the DHCP server is part of a cardholder data environment, a breach could expose payment card information. This would violate PCI DSS requirements for securing systems and protecting cardholder data, potentially leading to fines or loss of payment processing capabilities.
  • Other industry-specific regulations: Depending on your sector, this vulnerability could also impact compliance with frameworks like NIST, ISO 27001, or FISMA, which require organizations to maintain secure systems and protect sensitive data.

To maintain compliance, it is critical to apply patches or mitigations for this vulnerability promptly and ensure that all systems handling sensitive data are secured against known threats.

Detection Guidance

The provided context does not include specific detection methods or commands for identifying the presence of CVE-2026-48564 on a network or system. Detection typically involves checking the version of the Windows DHCP Server software or using vulnerability scanning tools that can identify unpatched systems.

To check the version of the Windows DHCP Server, you may use the following command in PowerShell or Command Prompt:

  • Get-WindowsFeature DHCP | Select-Object -Property DisplayName, Installed, Version (PowerShell)
  • sc query dhcpserver (Command Prompt to verify the service status)

For comprehensive detection, use vulnerability scanners like Microsoft Defender for Endpoint, Nessus, or Qualys, which may have plugins or signatures to detect this specific CVE.

Mitigation Strategies

Apply the security update provided by Microsoft to address CVE-2026-48564. The update can be obtained from the Microsoft Update Catalog or through Windows Update.

  • Ensure all Windows DHCP Server instances are updated to the latest patched version.
  • Restrict network access to the DHCP Server to trusted networks or devices if immediate patching is not possible.
  • Monitor for unusual activity on the DHCP Server, as exploitation may involve unauthorized code execution.

Refer to the official Microsoft security guidance for additional mitigation steps or workarounds.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48564. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart