FreeBSD CapNet Allow Any Escalation
CVE-2026-45254 Published on May 21, 2026

Incorrect libcap_net limitation list manipulation
In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit that extended the permissions of the process.

Vendor Advisory NVD

Weakness Type

Improper Privilege Management

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Products Associated with CVE-2026-45254

Want to know whenever a new CVE is published for FreeBSD? stack.watch will email you.

FreeBSD

Affected Versions

FreeBSD:

Version 15.0-RELEASE and below p9 is affected.
Version 14.4-RELEASE and below p5 is affected.
Version 14.3-RELEASE and below p14 is affected.

FreeBSD CapNet Allow Any EscalationCVE-2026-45254 Published on May 21, 2026

Weakness Type

Improper Privilege Management

Products Associated with CVE-2026-45254

Affected Versions

FreeBSD CapNet Allow Any Escalation
CVE-2026-45254 Published on May 21, 2026