CVE-2026-7270 PUBLISHED

Local privilege escalation via execve()

Assigner: freebsd
Reserved: 28.04.2026 Published: 30.04.2026 Updated: 30.04.2026

An operator precedence bug in the kernel leads to a buffer overflow in which attacker-controlled data overwrites adjacent execve(2) argument buffers.

The bug may be exploitable by an unprivileged user to obtain superuser privileges.

Product Status

Vendor FreeBSD
Product FreeBSD
Versions Default: unknown
  • affected from 15.0-RELEASE to p7 (excl.)
  • affected from 14.4-RELEASE to p3 (excl.)
  • affected from 14.3-RELEASE to p12 (excl.)
  • affected from 13.5-RELEASE to p13 (excl.)

Credits

  • Ryan Austin of Calif.io (finder)

Problem Types

  • CWE-783: Operator Precedence Logic Error