CVEFinder.io

CVE-2026-45254

🔶 medium
🔍 Scan for this CVE
Summary

In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit that extended the permissions of the process.

CVSS Score
6.5
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-21
First Seen: 2026-05-22
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 47.8% of all 328,009 vulnerabilities in our database.

#171,192
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 21, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Joshua Rogers of AISLE Research Team
SSVC data provided by CISA
Last Modified 2026-05-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE IDs (Weakness Types)
CWE-269

📦 Affected Products 3

Vendor Product Status Affected Versions
freebsd freebsd Affected
v14.3
freebsd freebsd Affected
v14.4
freebsd freebsd Affected
v15.0

🔗 References 1

https://security.freebsd.org/advisories/FreeBSD-SA-2...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-45250 ⚠️ high 7.8 0.0 The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is ... 2026-05-21
CVE-2026-39461 ⚠️ high 8.8 0.0 libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for ... 2026-05-21
CVE-2026-45251 ⚠️ high 7.8 0.0 A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. B... 2026-05-21
CVE-2026-45252 🔶 medium 5.5 0.1 When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace ... 2026-05-21
CVE-2026-45253 ⚠️ high 8.4 0.0 ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a... 2026-05-21
CVE-2026-45255 ⚠️ high 7.5 0.0 When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and u... 2026-05-21
These CVEs affect the same products