Improper Authorization in FreeBSD - CVE-2026-49421
Published: July 1, 2026
FreeBSD
Detailed vulnerability description
The vulnerability allows a local user to delete files outside the intended directory tree.
The vulnerability exists due to improper access control in unlinkat(2) and funlinkat(2) when processing paths with the AT_RESOLVE_BENEATH flag. A local user can supply a path that resolves above the starting directory to delete files outside the intended directory tree.
The issue occurs because the flag is validated but not passed to the underlying path lookup, so path containment is not enforced.
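Code that depends on this containment can also enforce it in userspace, as in the following added example, which is not from the advisory or from FreeBSD. The names unlink_beneath and demo are hypothetical. The helper is deliberately conservative: it refuses every ".." component and every symlinked intermediate directory rather than reproducing the exact semantics of AT_RESOLVE_BENEATH.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, hypothetical helper (not FreeBSD code). Walks path one
 * component at a time from rootfd; refuses absolute paths, any "..", and
 * symlinked directories. Returns 0 on success, -1 with errno set. */
int unlink_beneath(int rootfd, const char *path) {
    char buf[PATH_MAX], *save, *comp, *next;
    if (path[0] == '/' || strlen(path) >= sizeof buf) { errno = EINVAL; return -1; }
    strcpy(buf, path);
    int dirfd = dup(rootfd), rc = -1, err = EINVAL;  /* EINVAL covers an empty path */
    if (dirfd < 0) return -1;
    for (comp = strtok_r(buf, "/", &save); comp != NULL; comp = next) {
        next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, "..") == 0) { err = EACCES; break; }  /* errno is this example's choice */
        if (next == NULL) { rc = unlinkat(dirfd, comp, 0); err = errno; break; }
        /* Intermediate component: must be a real directory, never a symlink. */
        int nfd = openat(dirfd, comp, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
        err = errno; close(dirfd); dirfd = nfd;
        if (nfd < 0) break;
    }
    if (dirfd >= 0) close(dirfd);
    errno = err; return rc;
}

/* Constructed demo tree: <tmp>/outside, <tmp>/root/sub/inside, <tmp>/root/up -> "..".
 * Returns 0 when every escaping path is refused and the contained file is removed. */
int demo(void) {
    char tmp[] = "/tmp/beneathXXXXXX";
    if (mkdtemp(tmp) == NULL) return -1;
    int t = open(tmp, O_RDONLY | O_DIRECTORY);
    if (mkdirat(t, "root", 0700) || mkdirat(t, "root/sub", 0700)
        || symlinkat("..", t, "root/up")) return -1;
    close(openat(t, "outside", O_CREAT | O_WRONLY, 0600));
    close(openat(t, "root/sub/inside", O_CREAT | O_WRONLY, 0600));
    int rootfd = openat(t, "root", O_RDONLY | O_DIRECTORY);
    int escaped = unlink_beneath(rootfd, "../outside") == 0
               || unlink_beneath(rootfd, "sub/../../outside") == 0
               || unlink_beneath(rootfd, "up/outside") == 0;
    int removed = unlink_beneath(rootfd, "sub/inside") == 0;
    int intact = faccessat(t, "outside", F_OK, 0) == 0;
    close(rootfd); close(t);
    return (!escaped && removed && intact) ? 0 : 1;
}
```

The demo leaves its temporary tree under /tmp so the result can be inspected afterwards.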