Heap Allocation Vulnerability in libnv Affects FreeBSD Software
CVE-2026-35547

8.1HIGH

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 30 April 2026

What is CVE-2026-35547?

The libnv library's failure to validate the size of incoming message headers can lead to a harmful heap overflow vulnerability. This flaw allows malicious entities to write outside the defined memory bounds, potentially causing system crashes or panic. Furthermore, in some cases, an unprivileged user could exploit this flaw to escalate their privileges, posing a significant security risk to systems using affected versions of FreeBSD.

Affected Version(s)

FreeBSD 15.0-RELEASE

FreeBSD 14.4-RELEASE

FreeBSD 14.3-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:17....

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Apr 28, 2026

Credit

Mariusz Zaborski

CVE-2026-35547 Data

JSON