FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Incorrect libcap_net limitation list manipulation

Affected packages
15.0 <= FreeBSD < 15.0_9
14.4 <= FreeBSD < 14.4_5
14.3 <= FreeBSD < 14.3_14

Details

VuXML ID 37ab0cbc-54b7-11f1-8d7a-bc241121aa0a
Discovery 2026-05-20
Entry 2026-05-21

Problem Description:

In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected.

Impact:

In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit that extended the permissions of the process.

References

CVE Name CVE-2026-45254
FreeBSD Advisory SA-26:24.cap_net

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.