CVE-2026-7270

EUVD-2026-26353
An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers.

The bug may be exploitable by an unprivileged user to obtain superuser privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
freebsdfreebsd
13.5
freebsdfreebsd
13.5:beta3
freebsdfreebsd
13.5:p1
freebsdfreebsd
13.5:p10
freebsdfreebsd
13.5:p11
freebsdfreebsd
13.5:p12
freebsdfreebsd
13.5:p2
freebsdfreebsd
13.5:p3
freebsdfreebsd
13.5:p4
freebsdfreebsd
13.5:p5
freebsdfreebsd
13.5:p6
freebsdfreebsd
13.5:p7
freebsdfreebsd
13.5:p8
freebsdfreebsd
13.5:p9
freebsdfreebsd
14.3
freebsdfreebsd
14.3:p1
freebsdfreebsd
14.3:p10
freebsdfreebsd
14.3:p11
freebsdfreebsd
14.3:p2
freebsdfreebsd
14.3:p3
freebsdfreebsd
14.3:p4
freebsdfreebsd
14.3:p5
freebsdfreebsd
14.3:p6
freebsdfreebsd
14.3:p7
freebsdfreebsd
14.3:p8
freebsdfreebsd
14.3:p9
freebsdfreebsd
14.4
freebsdfreebsd
14.4:p1
freebsdfreebsd
14.4:p2
freebsdfreebsd
14.4:rc1
freebsdfreebsd
15.0
freebsdfreebsd
15.0:p1
freebsdfreebsd
15.0:p2
freebsdfreebsd
15.0:p3
freebsdfreebsd
15.0:p4
freebsdfreebsd
15.0:p5
freebsdfreebsd
15.0:p6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.freebsd.org/advisories/FreeBSD-SA-26:13.exec.asc
https://blog.calif.io/p/cve-2026-7270-how-i-get-root-on-freebsd
https://news.ycombinator.com/item?id=48077971