FreeBSD Kernel Operator Precedence Bug Enables Privilege Escalation via execve Overflow
CVE-2026-7270 Published on April 30, 2026
Local privilege escalation via execve()
An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers.
The bug may be exploitable by an unprivileged user to obtain superuser privileges.
Vulnerability Analysis
CVE-2026-7270 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Operator Precedence Logic Error
The program uses an expression in which operator precedence causes incorrect logic to be used. While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.
Products Associated with CVE-2026-7270
Affected Versions
FreeBSD:
- Version 15.0-RELEASE and below p7 is affected.
- Version 14.4-RELEASE and below p3 is affected.
- Version 14.3-RELEASE and below p12 is affected.
- Version 13.5-RELEASE and below p13 is affected.