Main Vulnerability Database Vulnerabilities #VU134366

Improper access control in FreeBSD - CVE-2026-45259

Published: June 11, 2026

Vulnerability identifier: #VU134366

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-45259

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: FreeBSD Foundation

Affected software:
FreeBSD

Detailed vulnerability description

The vulnerability allows a local user to interfere with other processes.

The vulnerability exists due to improper access control in kern_sigqueue when sending signals via sigqueue(2) from a process in capability mode. A local user can send signals to processes other than the calling process to interfere with other processes.

This issue allows bypass of Capsicum sandbox restrictions and may affect processes running as the same user, or any process if the sandboxed process runs with superuser privileges.

How to mitigate CVE-2026-45259

Install security update from vendor's website.

Sources

https://cgit.freebsd.org/src/commit/?id=defd9b86ef99

Improper access control in FreeBSD - CVE-2026-45259

Detailed vulnerability description

How to mitigate CVE-2026-45259

Sources

Please verify you're human