Vulnerability in Freebsd
CVE-2026-49414
The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where…
EPSS: 0.002 (8.0th percentile) — read the EPSS interpretation.
Affected products
- Freebsd — versions 15.0-RELEASE, 14.4-RELEASE, 14.3-RELEASE
Weakness classification (CWE)
References
- secteam@freebsd.org (vendor-advisory)