CVE-2026-14258: Loop with Unreachable Exit Condition ('Infinite Loop') in Red Hat Enterprise Linux 10
CVE-2026-14258 is a vulnerability in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing on Red Hat Enterprise Linux 10. It involves a specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option that bypasses validation during packet storage and is later reparsed without adequate validation. This causes the parser to enter an infinite loop, resulting in excessive CPU consumption and a denial of service condition.
AI Analysis
Technical Summary
This vulnerability affects the dhcpcd component in Red Hat Enterprise Linux 10. A malformed IPv6 Router Advertisement with a zero-length Neighbor Discovery option can bypass initial validation and then be reparsed without adequate validation, so the parser stops advancing through the packet and the loop never exits. This leads to excessive CPU usage and potential denial of service. The CVSS 3.1 score is 6.5 (medium severity): attack vector adjacent network, low attack complexity, no privileges required, no user interaction, and impact limited to availability.
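The defensive pattern for this bug class, as an added example (not dhcpcd's code and not the vendor's fix): a Neighbor Discovery option walk that rejects a zero Length field, which RFC 4861 section 4.6 declares invalid, so the offset always advances. The function name `nd_opts_walk` and the sample buffers are constructed for illustration; the same check belongs on every path that parses the options, including any reparse of a stored advertisement.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not dhcpcd code): walk the ND options that follow the
 * fixed Router Advertisement header. Each option is Type(1) Length(1) Data,
 * with Length counted in units of 8 octets (RFC 4861, section 4.6).
 * Returns the number of options, or -1 if the buffer is malformed. */
int nd_opts_walk(const uint8_t *opts, size_t len)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        if (len - off < 2)
            return -1;              /* truncated option header */
        size_t olen = (size_t)opts[off + 1] * 8;
        if (olen == 0)
            return -1;              /* zero length: offset would never advance */
        if (olen > len - off)
            return -1;              /* option runs past the end of the buffer */
        /* opts[off] is the type; the body is opts[off + 2 .. off + olen). */
        off += olen;                /* always advances by at least 8 octets */
        count++;
    }
    return count;
}

/* Constructed sample data, not captured traffic. */
/* Well-formed: Source Link-Layer Address (type 1) then MTU (type 5). */
static const uint8_t opts_ok[] = {
    0x01, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x05, 0xdc,
};
/* Malformed: a valid option followed by one whose Length field is 0. */
static const uint8_t opts_zero[] = {
    0x01, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0xdc,
};

int main(void)
{
    printf("ok=%d zero=%d\n", nd_opts_walk(opts_ok, sizeof opts_ok),
           nd_opts_walk(opts_zero, sizeof opts_zero));
    return 0;
}
```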
Potential Impact
Successful exploitation causes excessive CPU consumption on the affected system, leading to denial of service. There is no impact on confidentiality or integrity according to the CVSS vector. The attack requires adjacency to the network and no privileges or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-14258 for current remediation guidance. No official fix or temporary workaround is indicated in the provided data. Administrators should monitor the vendor advisory for updates and apply patches once available.
CVSS v3.1
Score: 6.5 (medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: redhat
- Date Reserved: 2026-06-30T15:57:04.334Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory URLs: https://access.redhat.com/security/cve/CVE-2026-14258 (Red Hat)
Threat ID: 6a44f13827e9c797195bba58
Added to database: 07/01/2026, 10:51:36 UTC
Last enriched: 07/01/2026, 11:06:59 UTC
Last updated: 07/01/2026, 11:13:30 UTC