← back
CVE-2026-45253

Missing validation in ptrace(PT_SC_REMOTE)

CVSS 8.4 HIGHEPSS 0.2%CWE-787
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
21 May 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
FreeBSD · FreeBSD

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.freebsd.org/advisories/FreeBSD-SA-26:21.ptrace.asc