Kea

This hub aggregates every CVE we track for Kea, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 11 most recently published vulnerabilities affecting Kea.

• CVE-2026-3608Stack overflow in Kea daemons7.5Mar 25, 2026
• CVE-2025-11232Invalid characters cause assert7.5Oct 29, 2025
• CVE-2025-40779Kea crash upon interaction between specific client options and subnet selection7.5Aug 27, 2025
• CVE-2025-32803Insecure file permissions can result in confidential information leakage4.0May 28, 2025
• CVE-2025-32802Insecure handling of file paths allows multiple local attacks6.1May 28, 2025
• CVE-2025-32801Loading a malicious hook library can lead to local privilege escalation7.8May 28, 2025
• CVE-2019-6473A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate6.5Oct 16, 2019
• CVE-2019-6472A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate6.5Oct 16, 2019
• CVE-2019-6474A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate5.7Oct 16, 2019
• CVE-2018-5739Failure to release memory may exhaust system resources6.5Jan 16, 2019
• CVE-2015-8373The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed pac...6.8Dec 22, 2015