Incorrect libcap_net limitation list manipulation_CVE-2026-45254

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected.

In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit that extended the permissions of the process.

Basic Information

ID CVE-2026-45254

Source freebsd

Published May 21, 2026 at 09:34

Modified May 21, 2026 at 14:37

Affected Product

Vendor FreeBSD

Product FreeBSD

Version 15.0-RELEASE

Affected Versions FreeBSD FreeBSD 15.0-RELEASE
FreeBSD FreeBSD 14.4-RELEASE
FreeBSD FreeBSD 14.3-RELEASE

CWE Classification

CWE-269

References

security.freebsd.org /advisories/FreeBSD-SA-26:24.cap_net.asc

{
    "lastseen": "",
    "description": "In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as \"allow any\" instead of being rejected.\n\nIn certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit that extended the permissions of the process.",
    "published": "2026-05-21T09:34:37.541Z",
    "modified": "2026-05-21T14:37:03.795Z",
    "type": "cve",
    "title": "Incorrect libcap_net limitation list manipulation",
    "source": "freebsd",
    "references": "https://security.freebsd.org/advisories/FreeBSD-SA-26:24.cap_net.asc",
    "id": "CVE-2026-45254",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "FreeBSD FreeBSD 15.0-RELEASE\nFreeBSD FreeBSD 14.4-RELEASE\nFreeBSD FreeBSD 14.3-RELEASE",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FreeBSD",
    "version": "15.0-RELEASE",
    "vendor": "FreeBSD",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}