← voltar
CVE-2026-45254

Incorrect libcap_net limitation list manipulation

CVSS 6.5 MEDIUMEPSS 0.2%CWE-269
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
21 mai 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit that extended the permissions of the process.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Produtos afetados
FreeBSD · FreeBSD

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://security.freebsd.org/advisories/FreeBSD-SA-26:24.cap_net.asc