Cyber Resilience

CVE-2026-39461

High

Published: 21 May 2026

Published
21 May 2026
Modified
21 May 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0017 6.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-39461 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Freebsd Freebsd. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE…

more

(1024). An attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption. If the target application runs with setuid root privileges, this could be used to escalate local privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Stack-based buffer overflow in libcasper select(2) handling directly enables local privilege escalation via crafted file descriptors against setuid binaries.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-45250Same product: Freebsd Freebsd
CVE-2026-39457Same product: Freebsd Freebsd
CVE-2026-4747Same product: Freebsd Freebsd
CVE-2026-7270Same product: Freebsd Freebsd
CVE-2026-6386Same product: Freebsd Freebsd
CVE-2026-45251Same product: Freebsd Freebsd
CVE-2026-5398Same product: Freebsd Freebsd
CVE-2026-45253Same product: Freebsd Freebsd
CVE-2025-15576Same product: Freebsd Freebsd
CVE-2025-15547Same product: Freebsd Freebsd

Affected Assets

freebsd
freebsd
14.3, 14.4, 15.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References