What is the CVSS score of CVE-2026-39457?

CVE-2026-39457 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of FreeBSD libnv are affected by CVE-2026-39457?

CVE-2026-39457 is a privilege escalation vulnerability in FreeBSD's libnv library that allows authenticated local users to gain root access through setuid-root applications.

FreeBSD libnv CVE-2026-39457

EUVD-2026-26356 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-04-30 freebsd

Buffer Overflow Stack Overflow

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 30, 2026 - 14:24 vuln.today

CVSS changed

Apr 30, 2026 - 14:22 NVD

7.8 (HIGH)

EUVD ID Assigned

Apr 30, 2026 - 09:00 euvd

EUVD-2026-26356

Analysis Generated

Apr 30, 2026 - 09:00 vuln.today

CVE Published

Apr 30, 2026 - 08:01 nvd

HIGH 7.8

DescriptionNVD

When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024).

An attacker who is able to force a libnv application to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, can trigger stack corruption. If the target application is setuid-root, then this could be used to elevate local privileges.

AnalysisAI

Stack corruption in FreeBSD libnv library allows local authenticated attackers to elevate privileges to root when exploiting setuid-root applications. The vulnerability stems from libnv's select(2) implementation failing to validate socket descriptors against FD_SETSIZE limits (1024), enabling descriptor exhaustion attacks that corrupt stack memory. …

RemediationAI

Within 24 hours: Identify all FreeBSD systems running libnv (standard on FreeBSD 11.0+) and assess exposure to local user accounts. Within 7 days: Apply FreeBSD Security Advisory SA-26:16 patches to all affected stable branches (11.4-RELEASE, 12.4-RELEASE, 13.3-RELEASE, or later patched versions as released). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-39457 vulnerability details – vuln.today

Back

FreeBSD libnv CVE-2026-39457

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code