CVE-2026-4748
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/04/2026
Last modified:
02/04/2026
Description
A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected.<br />
<br />
Some keywords representing actions taken on a packet-matching rule, such as &#39;log&#39;, &#39;return tll&#39;, or &#39;dnpipe&#39;, may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant.<br />
<br />
Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* | 14.0 (including) | 14.4 (excluding) |
| cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.3:p8:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.3:p9:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.4:-:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.4:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:15.0:p1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page