CVE-2026-35547
Published: 30 April 2026
Summary
CVE-2026-35547 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Freebsd Freebsd. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of incoming message header sizes to prevent heap-based buffer overflows from invalid inputs.
Implements memory protections such as ASLR and non-executable heap to block exploitation of heap overflows leading to crashes or privilege escalation.
Ensures timely remediation of the specific libnv buffer overflow flaw through vulnerability monitoring, scanning, and patching as addressed in FreeBSD SA-26:17.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote heap buffer overflow in libnv enables network exploitation of public-facing applications (T1190) and direct privilege escalation from unprivileged access (T1068).
NVD Description
When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system…
more
panic, and it may be possible for an unprivileged user to exploit the bug to elevate their privileges.
Deeper analysisAI
CVE-2026-35547 is a heap-based buffer overflow vulnerability in the libnv library, stemming from a failure to properly validate the size of incoming message headers during processing. This flaw, associated with CWE-122 and CWE-130, allows out-of-bounds writes beyond heap allocations in affected FreeBSD systems utilizing libnv.
The vulnerability can be exploited remotely over the network (AV:N) by attackers requiring no privileges (PR:N) and no user interaction (UI:N), though it demands high attack complexity (AC:H) with an unchanged impact scope (S:U). Successful exploitation may trigger system crashes or panics, and it could enable unprivileged users to achieve privilege escalation, with a CVSS v3.1 base score of 8.1 indicating high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).
The FreeBSD Security Advisory SA-26:17 addresses this issue in libnv, with full details available at https://security.freebsd.org/advisories/FreeBSD-SA-26:17.libnv.asc.
Details
- CWE(s)