CVE-2026-49412

Use-after-free bug in the IPV6_MSFILTER socket option handler

EPSS 0.1%CWE-416

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

27 Jun 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the multicast filter structure, leaving the handler with a stale pointer to freed memory. An unprivileged local user can exploit this use-after-free to escalate privileges.

Affected products

FreeBSD · FreeBSD

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:29.ip6_multicast.asc