{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/freebsd/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-35547"},{"cvss":7.5,"id":"CVE-2026-7164"},{"cvss":7.8,"id":"CVE-2026-7270"},{"cvss":8.1,"id":"CVE-2026-42511"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["FreeBSD"],"_cs_severities":["critical"],"_cs_tags":["freebsd","vulnerability","rce","privilege-escalation"],"_cs_type":"advisory","_cs_vendors":["FreeBSD"],"content_html":"\u003cp\u003eOn April 29, 2026, FreeBSD released security advisories to address multiple vulnerabilities across all supported versions of the operating system. These vulnerabilities include CVE-2026-35547, a heap overflow in libnv; CVE-2026-7164, a stack overflow in the pf packet filter when parsing crafted SCTP packets; CVE-2026-7270, a local privilege escalation vulnerability via execve(); and CVE-2026-42511, a remote code execution vulnerability exploitable through malicious DHCP options. The variety and severity of these issues pose a significant risk to FreeBSD systems, potentially enabling attackers to execute arbitrary code, escalate privileges, or cause denial-of-service conditions. Prompt patching is crucial to mitigate these risks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access (CVE-2026-42511):\u003c/strong\u003e An attacker sends a malicious DHCP offer to a vulnerable FreeBSD client. The crafted DHCP options contain shellcode designed to exploit a buffer overflow in the DHCP client.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCode Execution:\u003c/strong\u003e The vulnerable DHCP client processes the malicious DHCP options, resulting in the execution of attacker-controlled code within the context of the dhclient process.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation (CVE-2026-7270):\u003c/strong\u003e The attacker exploits a vulnerability in the execve() system call to escalate privileges. This involves crafting a specific executable that leverages the flaw to execute arbitrary commands with elevated permissions.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMemory Corruption (CVE-2026-35547):\u003c/strong\u003e The attacker triggers a heap overflow in libnv by providing a specially crafted input. This input causes the libnv library to allocate insufficient memory, leading to data corruption.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePacket Injection/Manipulation (CVE-2026-7164):\u003c/strong\u003e An attacker sends a crafted SCTP packet to a FreeBSD system utilizing the pf packet filter. The malformed packet triggers a stack overflow during parsing within the pf module.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLateral Movement:\u003c/strong\u003e With elevated privileges, the attacker can move laterally within the network, accessing sensitive data and systems.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Exfiltration/System Compromise:\u003c/strong\u003e The attacker exfiltrates sensitive data or installs persistent backdoors, achieving complete system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could lead to a range of severe consequences, including remote code execution, local privilege escalation, data breaches, and complete system compromise. While the exact number of affected systems is unknown, given the wide deployment of FreeBSD, a significant number of servers and workstations are potentially at risk. Sectors heavily reliant on FreeBSD, such as hosting providers and network infrastructure companies, are particularly vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security patches released by FreeBSD to address CVE-2026-35547, CVE-2026-7164, CVE-2026-7270, and CVE-2026-42511 immediately on all affected systems.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious DHCP Client Activity\u0026rdquo; to identify potential exploitation attempts targeting CVE-2026-42511 via malicious DHCP options.\u003c/li\u003e\n\u003cli\u003eEnable process accounting and audit logging to monitor for suspicious execve() calls, as indicated by CVE-2026-7270, and create a detection rule for unusual privilege escalations.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for malformed SCTP packets that could trigger the stack overflow in pf (CVE-2026-7164). Implement a network-based detection rule to identify such packets.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T13:44:59Z","date_published":"2026-05-04T13:44:59Z","id":"/briefs/2026-05-freebsd-vulns/","summary":"FreeBSD published security advisories addressing multiple vulnerabilities including remote code execution, local privilege escalation, heap overflow, and stack overflow, affecting all supported versions.","title":"Multiple Vulnerabilities in FreeBSD","url":"https://feed.craftedsignal.io/briefs/2026-05-freebsd-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — FreeBSD","version":"https://jsonfeed.org/version/1.1"}