kea-doc (AlmaLinux:10) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:10 package kea-doc, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2025-32801 — CVSS 7.8 (high): Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the…
CVE-2025-11232 — CVSS 7.5 (high): To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting…
CVE-2026-3608 — CVSS 7.5 (high): Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket…
CVE-2025-32802 — CVSS 6.1 (medium): Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common…
CVE-2025-32803 — CVSS 4.0 (medium): In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through…