Vulnerability in FreeBSD

CVE-2026-45257

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-back…

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

  • FreeBSD: versions 14.3, 15.0, 14.4-RELEASE

Weakness classification (CWE)

  • Write-what-where Condition

Frequently asked questions

What is CVE-2026-45257?
CVE-2026-45257 is a high-severity vulnerability in FreeBSD, classified as a Write-what-where Condition. CVSS score: 7.8/10. Published 2026-06-26.

How severe is CVE-2026-45257?
High severity. The CVSS v3 base score is 7.8 out of 10.