CVE-2026-14258

Publication date 1 July 2026

Last updated 1 July 2026


Ubuntu priority

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Description

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service.

Status

Package Ubuntu Release Status
dhcpcd 26.04 LTS resolute
Needs evaluation
25.10 questing Ignored end of life, was needs-triage
24.04 LTS noble
Needs evaluation
22.04 LTS jammy Not in release

Severity score breakdown

CVSS version: CVSS v3.0

Base score 6.5 · Medium

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


Access our resources on patching vulnerabilities