CVE-2026-7270

CVE-2026-7270: Local privilege escalation via execve()

Vendor Freebsd
Product FreeBSD
Weakness CWE-783
Published April 30, 2026
Last update May 10, 2026

CVSS base score

What the vulnerability does

01Description

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges.

Key dates

02Disclosure timeline

April 30, 2026 CVE published
May 10, 2026 Record updated