CVE-2026-45254

MEDIUM

FreeBSD 15.0-RELEASE < p9, 14.4-RELEASE < p5, 14.3-RELEASE < p14 - Improper Privilege Management in cap_net Service

Title source: llm

Description

In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit that extended the permissions of the process.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://security.freebsd.org/advisories/FreeBSD-SA-26:24.cap_net.asc

Scores

CVSS v3 6.5

EPSS 0.0003

EPSS Percentile 8.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-269

Status published

Products (6)

freebsd/freebsd 14.3 (14 CPE variants)

freebsd/freebsd 14.4 (6 CPE variants)

freebsd/freebsd 15.0 (9 CPE variants)

FreeBSD/FreeBSD 14.3-RELEASE - p14

FreeBSD/FreeBSD 14.4-RELEASE - p5

FreeBSD/FreeBSD 15.0-RELEASE - p9

Published May 21, 2026

Tracked Since May 21, 2026