CVE-2026-7164
Published: 30 April 2026
Summary
CVE-2026-7164 is a high-severity Uncontrolled Recursion (CWE-674) vulnerability in FreeBSD's pf packet filter. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). Its exploit likelihood ranks at the 36.9th percentile (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the vulnerability by requiring timely patching of the identified flaw in FreeBSD's pf SCTP packet parsing, as detailed in the security advisory.
- SC-5 (Denial-of-service Protection): protects against denial-of-service attacks from crafted SCTP packets causing a kernel panic, through resource limiting and event identification.
- SI-10 (Information Input Validation): enforces validation of SCTP chunk parameters to prevent unbounded recursion and stack overflow during packet parsing in pf.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote exploitation of a parsing flaw in the pf kernel module via crafted SCTP packets, directly causing stack overflow, kernel panic, and denial of service, matching T1499.004 Application or System Exploitation.
NVD Description
Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset.
Deeper analysis
CVE-2026-7164 is a vulnerability in FreeBSD's pf packet filter that stems from incorrect packet validation during the parsing of SCTP chunk parameters. This flaw enables unbounded recursion, which can lead to a stack overflow and subsequent kernel panic. The issue affects any FreeBSD system where pf is configured to process traffic, regardless of the specific ruleset in use.
Remote, unauthenticated attackers can exploit this vulnerability by crafting malicious SCTP packets that trigger the recursive parsing error. Successful exploitation results in a denial-of-service condition, causing the affected system to panic and potentially reboot. The CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects its network accessibility, low complexity, and high availability impact, with associated CWEs CWE-674 (Uncontrolled Recursion) and CWE-791 (Incomplete Filtering of Special Elements).
The FreeBSD security advisory at https://security.freebsd.org/advisories/FreeBSD-SA-26:14.pf.asc details mitigation steps and available patches for this vulnerability.
Details
- CWE(s)