CVE-2026-45254

Severity CVSS v4.0:

Pending analysis

Type:

CWE-269 Improper Privilege Management

Publication date:

21/05/2026

Last modified:

21/05/2026

Description

In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected.<br /> <br /> In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit that extended the permissions of the process.

Impact

References to Advisories, Solutions, and Tools

https://security.freebsd.org/advisories/FreeBSD-SA-26:24.cap_net.asc