CVE-2026-45254
6.5 MEDIUM
Published: 2026-05-21 · Last updated: 2026-05-21
Severity and scoring
- CVSS: 6.5 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- CWE: CWE-269
Affected products
| Vendor | Product |
|---|---|
| freebsd | freebsd |
Description
In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit that extended the permissions of the process.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-45255 — When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) t... (7.5 HIGH)
- CVE-2026-45253 — ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls (8.4 HIGH)
- CVE-2026-45252 — When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retriev... (5.5 MEDIUM)
- CVE-2026-45251 — A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor (7.8 HIGH)
- CVE-2026-39461 — libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become av... (8.8 HIGH)
Same CWE
- CVE-2024-38487 — api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unint... (7.0 HIGH)
- CVE-2026-12313 — Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
- CVE-2026-12289 — Privilege escalation in the Graphics: WebRender component (8.8 HIGH)
- CVE-2026-8176 — The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Adminis... (7.5 HIGH)
- CVE-2025-9912 — Nokia SR Linux is vulnerable to a local privilege escalation vulnerability (6.3 MEDIUM)