CVE-2026-56159 is a heap-based buffer overflow in the Windows DHCP Server Service that can lead to remote code execution. Microsoft rates it Critical with a CVSS v3.1 base score of 9.8 and temporal score of 8.5. The vector is network-based, with low attack complexity, no privileges required, no user interaction, and unchanged scope; confidentiality, integrity, and availability impacts are all high. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity unproven. The FAQ states an unauthenticated attacker could trigger the issue by sending a specially crafted packet to a DHCP Server configured to provide data for Option 43. This is a high enterprise-risk issue for exposed DHCP services because it is remotely reachable without authentication or user interaction. Highlights: - CVSS scores: Base 9.8 - Temporal 8.5 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Unlikely; despite the network vector, LOW attack complexity and no privileges or user interaction make affected network services more exposed than local-only issues. - Severity for enterprise: Critical for enterprise DHCP servers, especially network-exposed deployments, because remote unauthenticated code execution is possible if the service is reachable. - Patch status: available; customer action required. Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows Server 2012 - Windows Server 2012 R2 - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025