CVE-2026-56113

CVE-2026-56113 is a medium-severity vulnerability in Dhcpcd Project Dhcpcd with a CVSS 3.x base score of 5.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-416.

Key facts

Description

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. Attackers acting as or impersonating a DHCPv6 server can trigger dhcp6_deprecatedele() to free a delegated child address while an outer TAILQ_FOREACH_SAFE iterator in dhcp6_deprecateaddrs() still holds the freed pointer, causing a use-after-free when TAILQ_REMOVE is reached.

Frequently asked questions

What is CVE-2026-56113?
dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. Attackers acting as or impersonating a DHCPv6 server can trigger dhcp6_deprecatedele() to free a delegated child address while an outer TAILQ_FOREACH_SAFE iterator in dhcp6_deprecateaddrs() still holds the freed pointer, causing a use-after-free when TAILQ_REMOVE is reached.
How severe is CVE-2026-56113?
CVE-2026-56113 has a CVSS 3.x base score of 5.3, rated medium severity. It is exploitable over an adjacent network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
Is CVE-2026-56113 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (7th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2026-56113?
CVE-2026-56113 affects Dhcpcd Project Dhcpcd. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2026-56113?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2026-56113 have an EU (EUVD) identifier?
Yes. CVE-2026-56113 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-38491.
When was CVE-2026-56113 published?
CVE-2026-56113 was published on 2026-06-23 and last updated on 2026-06-28.

References

Affected products (1)

More vulnerabilities in Dhcpcd Project Dhcpcd

All CVEs affecting Dhcpcd Project Dhcpcd →

Other CWE-416 (Use After Free) vulnerabilities

Browse all CWE-416 (Use After Free) vulnerabilities →