Improper Signal Management in FreeBSD Affecting User Processes
CVE-2026-45256
What is CVE-2026-45256?
A flaw in FreeBSD's signal handling allows an unprivileged local user to send signals to processes and threads without the proper permission checks. Using the thr_kill2 system call, an attacker can signal processes owned by other users or by root, including critical system services, which can lead to unexpected process termination and denial of service. The issue arises because access rights are not adequately validated before a signal is delivered, and it can be exploited by brute-force discovery of thread IDs. As a consequence, users operating in restricted environments can interfere with processes outside their intended scope, compromising system stability.
Affected Version(s)
FreeBSD 15.0-RELEASE
FreeBSD 14.4-RELEASE
FreeBSD 14.3-RELEASE
