CVE-2026-4748

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

01/04/2026

Last modified:

01/04/2026

Description

A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected.<br /> <br /> Some keywords representing actions taken on a packet-matching rule, such as &#39;log&#39;, &#39;return tll&#39;, or &#39;dnpipe&#39;, may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant.<br /> <br /> Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS v3.1 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

Base Score 3.x

7.50

Severity 3.x

HIGH

References to Advisories, Solutions, and Tools

https://security.freebsd.org/advisories/FreeBSD-SA-26:09.pf.asc