CVE-2026-39457 - High Severity Vulnerability
Vulnerable Library - src4.0.4
Library home page: https://github.com/MidnightBSD/src.git
Found in base branch: stable/4.0
Vulnerable Source Files (1)
/lib/libnv/msgio.c
Vulnerability Details
When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024).
An attacker who is able to force a libnv application to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, can trigger stack corruption. If the target application is setuid-root, then this could be used to elevate local privileges.
Publish Date: 2026-04-30
URL: CVE-2026-39457
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2026-04-30
Fix Resolution: https://github.com/freebsd/freebsd-src.git - release/15.0.0-p7,https://github.com/freebsd/freebsd-src.git - release/14.4.0-p3,https://github.com/freebsd/freebsd-src.git - release/13.5.0-p13,https://github.com/freebsd/freebsd-src.git - release/14.3.0-p12
Step up your Open Source Security Game with Mend here
CVE-2026-39457 - High Severity Vulnerability
Library home page: https://github.com/MidnightBSD/src.git
Found in base branch: stable/4.0
When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024).
An attacker who is able to force a libnv application to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, can trigger stack corruption. If the target application is setuid-root, then this could be used to elevate local privileges.
Publish Date: 2026-04-30
URL: CVE-2026-39457
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2026-04-30
Fix Resolution: https://github.com/freebsd/freebsd-src.git - release/15.0.0-p7,https://github.com/freebsd/freebsd-src.git - release/14.4.0-p3,https://github.com/freebsd/freebsd-src.git - release/13.5.0-p13,https://github.com/freebsd/freebsd-src.git - release/14.3.0-p12
Step up your Open Source Security Game with Mend here