TCP Vulnerability in FreeBSD Affects Network Integrity
CVE-2026-4247

7.5HIGH

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 26 March 2026

What is CVE-2026-4247?

A vulnerability in FreeBSD allows attackers to exploit the tcp_respond() function, which handles challenge ACK packets. If an attacker can send crafted packets that meet specific challenge ACK criteria, it results in the leakage of mbufs—memory buffers used by the TCP stack. This leakage occurs when the FreeBSD host processes more than the configured rate limit of such packets, potentially compromising the host's memory integrity. While on-path attackers can easily execute this exploit, off-path attackers may also take advantage with more complex guessing techniques, making this a significant concern for network operators.

Affected Version(s)

FreeBSD 15.0-RELEASE

FreeBSD 14.4-RELEASE

FreeBSD 14.3-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:06....

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Mar 16, 2026

Credit

Michael Tuexen (Netflix)

CVE-2026-4247 Data

JSON