CVE-2026-49414
HIGHDescription
The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. An unprivileged local user can disable ASLR for a setuid PIE binary by calling procctl(2) before execve(2). This makes exploitation of any separate memory corruption vulnerability in that binary significantly easier.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-49414? +
How severe is CVE-2026-49414? +
What products are affected by CVE-2026-49414? +
How do I check if I'm vulnerable to CVE-2026-49414? +
Related Vulnerabilities
Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of …
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate …
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this …
Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the …
The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to …
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to …