Hash Calculation Regression in FreeBSD's Packet Filter
CVE-2026-4748
What is CVE-2026-4748?
A regression within FreeBSD's packet filter (pf) has resulted in a critical issue where specific rules defined with similar address ranges are improperly managed. This flaw causes rules that differ only in their specified address ranges to be treated as duplicates, leading to the silent omission of all but the first rule. Users relying on address range syntax to implement security measures may find their configurations ineffective, as certain rules are ignored. This unexpected behavior can result in over-blocking or under-blocking traffic, creating potential gaps in network security. Furthermore, associated actions tied to the affected rules, such as logging or traffic management directives, might also experience similar issues, although such configurations are generally uncommon. Network administrators are encouraged to review their pf configurations to ensure that no critical rules are overlooked.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
FreeBSD 15.0-RELEASE
FreeBSD 14.4-RELEASE
FreeBSD 14.3-RELEASE