CVE-2026-45253

CVE-2026-45253: Missing validation in ptrace(PT_SC_REMOTE)

Vendor Freebsd

Product FreeBSD

Weakness CWE-787

Published May 21, 2026

Last update May 22, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.

Key dates

02Disclosure timeline

May 21, 2026 CVE published

May 22, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-45253 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2026-45253

CWE CWE-787

Affected versions

Vendor Freebsd

Product FreeBSD

Affected ≥ 15.0-RELEASE and < p9

Vendor Freebsd

Product FreeBSD

Affected ≥ 14.4-RELEASE and < p5

Vendor Freebsd

Product FreeBSD

Affected ≥ 14.3-RELEASE and < p14

CVE-2026-45253: Missing validation in ptrace(PT_SC_REMOTE)

01Description

02Disclosure timeline

03References

04Related CVE