Use-After-Free Vulnerability in OpenBSD Kernel Component
CVE-2026-57589

7.4HIGH

Key Information:

Vendor

OpenBSD

Status
Vendor
CVE Published:
25 June 2026

What is CVE-2026-57589?

A vulnerability in the OpenBSD kernel, specifically within the sysv_sem.c component, allows for a use-after-free condition. This issue arises during a context switch after a tsleep call in the sys_semget() function. Exploitation of this vulnerability can lead to local privilege escalation, granting unauthorized root access to an attacker. Users of OpenBSD versions up to 7.9 are advised to assess their systems and apply necessary patches.

Affected Version(s)

OpenBSD 0 <= 7.9

References

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.