{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/internet-key-exchange-ike-protocol/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-35424"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Internet Key Exchange (IKE) Protocol"],"_cs_severities":["medium"],"_cs_tags":["dos","vulnerability","windows","ike"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-35424 describes a denial-of-service vulnerability affecting the Windows Internet Key Exchange (IKE) Protocol. The root cause is a failure to release memory after its effective lifetime. An unauthenticated attacker can exploit this vulnerability by sending specially crafted network packets to a vulnerable system, leading to a memory leak. Repeated exploitation exhausts system resources, resulting in a denial-of-service condition. This vulnerability poses a risk to systems relying on IKE for secure communication, potentially disrupting network services and impacting business operations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a target system running the Windows Internet Key Exchange (IKE) Protocol.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts malicious IKE packets designed to trigger the memory leak.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted packets to the target system over the network, using UDP port 500 or 4500.\u003c/li\u003e\n\u003cli\u003eThe vulnerable IKE service on the target system processes the malicious packets.\u003c/li\u003e\n\u003cli\u003eDue to the missing memory release, the IKE service fails to free allocated memory after processing each packet.\u003c/li\u003e\n\u003cli\u003eRepeated sending of malicious packets leads to a progressive memory leak, consuming available system memory.\u003c/li\u003e\n\u003cli\u003eAs memory resources become exhausted, the system\u0026rsquo;s performance degrades significantly.\u003c/li\u003e\n\u003cli\u003eEventually, the system becomes unresponsive, resulting in a denial-of-service condition, impacting IKE-dependent services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-35424 leads to a denial-of-service condition on the targeted Windows system. This can disrupt network services that rely on the IKE protocol, such as VPNs and IPsec tunnels. The impact ranges from degraded performance to complete system unresponsiveness, potentially affecting a single machine or an entire network segment depending on the scope of the attack and the system\u0026rsquo;s role.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Microsoft to patch CVE-2026-35424 as detailed in the Microsoft Security Response Center advisory [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35424].\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious IKE packets originating from untrusted sources using the provided network connection Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on IKE traffic to mitigate the impact of potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T18:32:27Z","date_published":"2026-05-12T18:32:27Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-35424-ike-dos/","summary":"CVE-2026-35424 is a denial-of-service vulnerability in the Windows Internet Key Exchange (IKE) Protocol caused by a missing release of memory after its effective lifetime, allowing an unauthenticated remote attacker to trigger a denial of service over a network.","title":"CVE-2026-35424: Windows IKE Protocol Memory Leak Denial-of-Service","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-35424-ike-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Internet Key Exchange (IKE) Protocol","version":"https://jsonfeed.org/version/1.1"}