Privilege Escalation Vulnerability in FreeBSD's ptrace Feature
CVE-2026-45253

8.4HIGH

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 21 May 2026

What is CVE-2026-45253?

A vulnerability exists in FreeBSD's ptrace feature due to improper validation of parameters in syscall and __syscall meta-system calls. This flaw permits unprivileged local users with debugging access to execute arbitrary code in the kernel, potentially leading to a complete system compromise. Careful consideration is required to mitigate risks associated with this vulnerability.

Affected Version(s)

FreeBSD 15.0-RELEASE

FreeBSD 14.4-RELEASE

FreeBSD 14.3-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:21....

vendor-advisory

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2026
Vulnerability Reserved
May 11, 2026

Credit

Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai

Ryan at Calif.io

CVE-2026-45253 Data

JSON