ASLR Bypass Vulnerability in FreeBSD ELF Image Activator
CVE-2026-49414
Currently unrated
What is CVE-2026-49414?
The ELF image activator in FreeBSD has a vulnerability that allows an unprivileged local user to bypass Address Space Layout Randomization (ASLR) for setuid Position Independent Executable (PIE) binaries. By manipulating ASLR preference flags through the procctl(2) system call before executing a binary via execve(2), an attacker can render ASLR ineffective at the crucial moment when the binary's base address is determined. This flaw ultimately facilitates the exploitation of other memory corruption vulnerabilities present in the affected binaries, posing a significant security risk.
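The description above limits the exposure to setuid PIE binaries, so a defender's first step is an inventory of that class on each affected host. The script below is an added example, not code from the advisory or from FreeBSD: it treats a 64-bit little-endian ELF with type ET_DYN and a PT_INTERP segment as PIE (a heuristic that misses static PIE), and the directory list, function names and the constructed `sample_elf` input are assumptions.

```python
import os
import stat
import struct

ET_DYN, PT_INTERP = 3, 3  # ELF constants: e_type for PIE/shared object, p_type for interpreter

def is_pie(data: bytes) -> bool:
    """Heuristic: 64-bit little-endian ELF with e_type ET_DYN and a PT_INTERP segment."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        return False
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    if e_type != ET_DYN or e_phentsize < 4:
        return False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break  # program headers run past the bytes we read
        if struct.unpack_from("<I", data, off)[0] == PT_INTERP:
            return True
    return False

def setuid_pie_files(roots, read_limit=4096):
    """Walk `roots` and return regular files that are setuid and look like PIE."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                    if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                        continue
                    with open(path, "rb") as fh:
                        if is_pie(fh.read(read_limit)):
                            hits.append(path)
                except OSError:
                    continue  # unreadable or vanished file
    return sorted(hits)

def sample_elf(e_type: int, interp: bool) -> bytes:
    """Constructed test input: minimal ELF64 header plus one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 9]) + bytes(8)  # 64-bit, LSB, FreeBSD OSABI
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP if interp else 1, 4, 0, 0, 0, 0, 0, 1)
    return ehdr + phdr

if __name__ == "__main__":  # assumed search paths; adjust to the host's layout
    for path in setuid_pie_files(["/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin"]):
        print(path)
```

Run as root so that unreadable setuid files are not silently skipped.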
Affected Version(s)
FreeBSD 15.0-RELEASE
FreeBSD 14.4-RELEASE
FreeBSD 14.3-RELEASE
