Heap Allocation Vulnerability in libnv Affects FreeBSD Software
CVE-2026-35547

Currently unrated

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 30 April 2026

What is CVE-2026-35547?

The libnv library's failure to validate the size of incoming message headers can lead to a harmful heap overflow vulnerability. This flaw allows malicious entities to write outside the defined memory bounds, potentially causing system crashes or panic. Furthermore, in some cases, an unprivileged user could exploit this flaw to escalate their privileges, posing a significant security risk to systems using affected versions of FreeBSD.

Affected Version(s)

FreeBSD 15.0-RELEASE

FreeBSD 14.4-RELEASE

FreeBSD 14.3-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:17....

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Apr 28, 2026

Credit

Mariusz Zaborski

CVE-2026-35547 Data

JSON