Integer Overflow Vulnerability in FreeBSD vt(4) Device
CVE-2026-49416


Key Information:

Vendor

FreeBSD

Status
Vendor
CVE Published:
27 June 2026

What is CVE-2026-49416?

An integer overflow vulnerability exists in the CONS_HISTORY ioctl handler of FreeBSD, which does not properly validate the requested history size. Because the buffer size calculation can wrap, the resulting heap allocation is smaller than the size the rest of the code assumes. An unprivileged local user with access to a vt(4) device may exploit this to write beyond the allocated buffer, potentially escalating their privileges on the system.
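The bug class described above, as an added illustration that is not FreeBSD's vt(4) code: a hypothetical history-size calculation in the unchecked form (user-supplied rows and columns multiplied without an overflow check, so a large request can wrap to a tiny allocation) next to a hardened form that caps the request and uses overflow-checked multiplication. The cell type, cap values and function names are assumptions for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical scrollback cell; the real vt(4) cell layout is not shown on the page. */
struct hist_cell {
    uint32_t ch;
    uint32_t attr;
};

/* Pattern the advisory describes: rows and cols come from the ioctl request and
 * are multiplied in 32-bit unsigned arithmetic. A request such as 65536 x 65536
 * wraps to 0 cells, so the allocation is far smaller than the code later assumes. */
size_t history_bytes_unchecked(unsigned int rows, unsigned int cols)
{
    return (size_t)(rows * cols) * sizeof(struct hist_cell);
}

/* Hardened form: reject zero or oversized dimensions up front (assumed caps),
 * then compute the byte count with overflow-checked multiplication so a wrapped
 * value can never reach the allocator. Returns false when the request is invalid. */
#define HIST_MAX_ROWS 65535u
#define HIST_MAX_COLS 4096u

bool history_bytes_checked(unsigned int rows, unsigned int cols, size_t *out)
{
    size_t cells;

    if (rows == 0 || cols == 0 || rows > HIST_MAX_ROWS || cols > HIST_MAX_COLS)
        return false;
    if (__builtin_mul_overflow((size_t)rows, (size_t)cols, &cells))
        return false;
    if (__builtin_mul_overflow(cells, sizeof(struct hist_cell), out))
        return false;
    return true;
}

/* Allocation built on the checked size: NULL for a rejected request or an
 * allocator failure, never an under-sized buffer. */
struct hist_cell *history_alloc(unsigned int rows, unsigned int cols)
{
    size_t bytes;

    if (!history_bytes_checked(rows, cols, &bytes))
        return NULL;
    return calloc(1, bytes);
}
```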

Affected Version(s)

FreeBSD 15.0-RELEASE

FreeBSD 14.4-RELEASE

FreeBSD 14.3-RELEASE

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ed Maste