External risk intelligence

Local users could gain admin access to systems.

CVE advisorySeverity: HIGH (CVSS 7.8)

CVE-2026-45250

An internal attacker could gain administrative access to systems by exploiting a flaw in a core system function, potentially allowing them to execute code and take control. This matters as it threatens the integrity and security of business operations.

1Halo Surface Signal

Buffer Overflow

Freebsd

14.314.415.0

External exposure likelihood

Halo Surface Signal score for CVE-2026-45250

This is a local privilege escalation vulnerability in the FreeBSD kernel's setcred(2) system call. Exploitation requires local access to execute code on the target system, meaning it is primarily local-only and has no typical public network-facing exposure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in FreeBSD allows an unprivileged local user to gain elevated privileges by exploiting a flaw in how supplementary group lists are handled. A stack buffer overflow can occur when processing this list, enabling an attacker to run code as the kernel.

  • Local users can gain administrator rights.
  • Allows arbitrary code execution.
  • Affects the FreeBSD operating system.

Attack Path

How an attacker could exploit the issue

An unprivileged local attacker can exploit this flaw by providing an excessively long list of supplementary groups to the `setcred(2)` system call. This triggers a stack buffer overflow before the caller's privileges are checked, allowing arbitrary code execution in kernel mode and leading to full system compromise.

  • Requires local access.
  • Triggers overflow in `setcred(2)`.
  • Exploitable pre-privilege check.

Live Threat

Current exploitation, exposure, and threat context

This is a local privilege escalation vulnerability affecting the FreeBSD kernel. Attackers would need prior access to the target system to weaponize this, making it less appealing for broad, remote attacks. Its primary use case is for an already-compromised insider or an attacker who has gained initial access to escalate privileges.

  • Local exploitation required.
  • No active exploitation observed.
  • Recently published advisory.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching all affected FreeBSD systems to mitigate the CVE-2026-45250 local privilege escalation vulnerability. If immediate patching isn't possible, focus on restricting local user access and monitoring for unusual process behavior. Given the local nature of this exploit, the immediate risk is lower, but successful exploitation leads to full kernel-level compromise.

  • Update FreeBSD to patched versions.
  • Monitor for unauthorized local privilege escalation.
  • Restrict access to sensitive systems.

Frequently asked questions

What is the FreeBSD setcred(2) vulnerability (CVE-2026-45250)?

CVE-2026-45250 is a stack buffer overflow vulnerability in the `setcred(2)` system call on FreeBSD. It allows an unprivileged local user to execute arbitrary code in the kernel context, leading to privilege escalation.

What is the root cause of CVE-2026-45250?

The vulnerability arises from an ordering bug where the privilege check and the length check for the supplementary groups list occur after the kernel has already copied attacker-controlled data into a fixed-size kernel stack buffer. This missing input validation before a bounded copy leads to the overflow.

How is CVE-2026-45250 exploited?

Exploitation requires local access. An unprivileged user invokes `setcred(2)` with a crafted structure containing an oversized supplementary groups array. Since the error return happens after the unsafe copy, the attacker can trigger the overflow before any privilege gate is checked.

What is the relevance of FreeBSD-SA-26:18.setcred.asc regarding CVE-2026-45250?

FreeBSD-SA-26:18.setcred.asc is the official security advisory issued by FreeBSD detailing the setcred(2) buffer overflow vulnerability (CVE-2026-45250). It provides specific information about the vulnerability, affected versions, and mitigation steps.

What are the recommended actions for CVE-2026-45250?

To mitigate CVE-2026-45250, it is recommended to patch all affected FreeBSD systems by upgrading to a release that includes the fix for this vulnerability. If immediate patching is not feasible, restricting local user access and monitoring for unusual process behavior can help reduce risk.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified