FreeBSD CVE-2026-45253

EUVD-2026-31257 | HIGH
Out-of-bounds Write (CWE-787)
2026-05-21 | freebsd | GHSA-96wx-9xhw-cf8x
CVSS 3.1 score: 8.4

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (4 events)

Analysis Generated: May 21, 2026 - 15:23 (vuln.today)
Severity Changed: May 21, 2026 - 15:22 (NVD), MEDIUM to HIGH
CVSS changed: May 21, 2026 - 15:22 (NVD), 5.9 (MEDIUM) to 8.4 (HIGH)
CVE Published: May 21, 2026 - 09:17 (nvd), UNKNOWN (no severity yet)

Description (NVD)

ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges.

The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.

Analysis (AI)

Local privilege escalation in FreeBSD via the ptrace(PT_SC_REMOTE) interface allows an unprivileged user with debug access to a process to trigger arbitrary kernel code execution by abusing improperly validated parameters in the syscall(2) and __syscall(2) meta-system calls. Affected releases include FreeBSD 14.3, 14.4, and 15.0 prior to their respective patch levels; no public exploit had been identified at the time of analysis. …

Remediation (AI)

Within 24 hours: Audit and inventory all FreeBSD systems running versions 14.3, 14.4, or 15.0; identify all users and service accounts with ptrace() debug permissions. Within 7 days: Restrict debug process access and ptrace() syscalls to essential administrative accounts only; disable the PT_SC_REMOTE interface if it is not operationally required. …