What is CVE-2026-45254?

CVE-2026-45254 is a medium-severity vulnerability in Freebsd, classified under Improper Privilege Management. CVSS score: 6.5/10. Published 2026-05-21.

How severe is CVE-2026-45254?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Privilege escalation in Freebsd

CVE-2026-45254

In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restric…

Vulnerability class: Privilege Escalation

EPSS: 0.000 (15.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Freebsd — versions 14.3, 15.0, 14.4-RELEASE

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

secteam@freebsd.org (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2026-45254?: CVE-2026-45254 is a medium-severity vulnerability in Freebsd, classified under Improper Privilege Management. CVSS score: 6.5/10. Published 2026-05-21.
How severe is CVE-2026-45254?: Medium severity. CVSS v3 base score is 6.5 out of 10.