Vulnerability in FreeBSD

CVE-2026-4247

When a challenge ACK is to be sent, tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent, the function returns and leaks the mbuf. If an attacker is either on pa…

EPSS: 0.000 (2.9th percentile)

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

  • FreeBSD — versions 14.3, 15.0, 14.4-RELEASE

Weakness classification (CWE)

Missing Release of Memory after Effective Lifetime

Frequently asked questions

What is CVE-2026-4247?

CVE-2026-4247 is a high-severity vulnerability in FreeBSD, classified under Missing Release of Memory after Effective Lifetime. CVSS score: 7.5/10. Published 2026-03-26.

How severe is CVE-2026-4247?

High severity. CVSS v3 base score is 7.5 out of 10.