CVE-2026-39461

Published May 21, 2026

Last updated 4 days ago

CVSS high 8.8

Overview

Description: libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024). An attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption. If the target application runs with setuid root privileges, this could be used to escalate local privileges.
Source: secteam@freebsd.org
NVD status: Analyzed
Products: freebsd

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 6
Exploitability score: 2
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secteam@freebsd.org: CWE-121

Hype score: Not currently trending

The FreeBSD project released a number of security advisories yesterday. We're still reviewing them. So far, one does not impact MidnightBSD (setcred), and two more do: CVE-2026-39461 (libcasper) and CVE-2026-45254. We've patched the latter in git on master and stable/4.0
@midnightbsd
22 May 2026
133 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*",
            "matchCriteriaId": "9DC7C54E-58AF-4ADE-84AF-0EF0F325E20E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*",
            "matchCriteriaId": "D3D22B8C-36CF-4800-9673-0B0240558BDD",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p10:*:*:*:*:*:*",
            "matchCriteriaId": "7296F5AA-F8C1-4277-A4EE-C2B24073A320",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p11:*:*:*:*:*:*",
            "matchCriteriaId": "C30E4A9C-0594-4F40-92B3-26CB9AA85AE9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p12:*:*:*:*:*:*",
            "matchCriteriaId": "9F83F91B-587A-433C-99DB-0D63E267FF16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p13:*:*:*:*:*:*",
            "matchCriteriaId": "44B9C2FC-756E-459F-8E68-C2C2B8C258AC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*",
            "matchCriteriaId": "242FA2A8-5D7D-4617-A411-2651FF3A3E4C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*",
            "matchCriteriaId": "40573F60-F3B7-4AEC-846A-B08E5B7D9D00",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*",
            "matchCriteriaId": "1FB832CE-0A98-44A2-8BAC-CD38A64279B6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*",
            "matchCriteriaId": "9A785F8E-C218-41AE-8D57-BF06DDAEF7CB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*",
            "matchCriteriaId": "C3909FDD-B2A2-45B6-A40B-1D303A717F15",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:*",
            "matchCriteriaId": "720597A2-F181-46E1-8A0D-097E17ADC4FB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p8:*:*:*:*:*:*",
            "matchCriteriaId": "DC8A75D0-148A-427A-9783-45477EABED21",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p9:*:*:*:*:*:*",
            "matchCriteriaId": "F5D39FC9-6DBA-46C8-BB80-A6188E6A8527",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.4:-:*:*:*:*:*:*",
            "matchCriteriaId": "8F3856BE-666F-4FA1-A6AD-FE179CEBF1E4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.4:p1:*:*:*:*:*:*",
            "matchCriteriaId": "D9CC0037-3282-42C3-80D8-F6C1D43B9332",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.4:p2:*:*:*:*:*:*",
            "matchCriteriaId": "1EADA828-3C20-43C0-A0CA-3AC7D7F23DBD",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.4:p3:*:*:*:*:*:*",
            "matchCriteriaId": "53D73FD2-4B06-47D3-BA2A-4363E9DE3565",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.4:p4:*:*:*:*:*:*",
            "matchCriteriaId": "D726890B-E679-43A9-A211-D5C05BBE3941",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.4:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "0342A715-E211-4AF6-97ED-32EB9EBB947D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:*",
            "matchCriteriaId": "368CFE5D-C5C2-42AF-AAF4-28DFE1A59C3B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:15.0:p1:*:*:*:*:*:*",
            "matchCriteriaId": "AA4AAA57-70A7-4717-ACF2-A253E757FF2C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:15.0:p2:*:*:*:*:*:*",
            "matchCriteriaId": "E24ABFA6-4D12-4DE5-832B-438502C7D188",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:15.0:p3:*:*:*:*:*:*",
            "matchCriteriaId": "C1C9869C-494B-4628-9AA3-4AA5B989C377",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:15.0:p4:*:*:*:*:*:*",
            "matchCriteriaId": "002AA2FE-C7BA-471A-9434-0E56A878ACBF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:15.0:p5:*:*:*:*:*:*",
            "matchCriteriaId": "B187670D-E3A2-4A0D-A653-982F8B447E78",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:15.0:p6:*:*:*:*:*:*",
            "matchCriteriaId": "047E7EE9-FB51-4CF2-A8BE-484BFD819565",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:15.0:p7:*:*:*:*:*:*",
            "matchCriteriaId": "2C9768AE-9954-4B2A-9525-D7D4942406E7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:15.0:p8:*:*:*:*:*:*",
            "matchCriteriaId": "F8B9EF55-3755-452A-B067-043803099B22",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References