Privilege escalation in FreeBSD
CVE-2026-49413
The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrec…
EPSS: 0.001 (3.8th percentile)
Affected products
- FreeBSD: versions 15.0-RELEASE, 14.4-RELEASE, 14.3-RELEASE
Weakness classification (CWE)
References
- secteam@freebsd.org (vendor-advisory)