CVE Catalog

CVE-2026-45259

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

A vulnerability in the sigqueue(2) implementation in FreeBSD allows a process in capability mode to send signals to any process, bypassing Capsicum sandbox restrictions. The missing check for the target PID being the calling process's own enables an attacker to interfere with other processes.

Risk Assessment

The risk is that a compromised sandboxed process can send signals like SIGKILL or SIGSTOP to other processes of the same user or, if running as superuser, to any process in the system. This could disrupt critical services or facilitate further attacks.

Recommendation

Immediately update FreeBSD to a version containing the fix for CVE-2026-45259. If an update is not possible, consider temporarily disabling sigqueue(2) in capability mode or applying additional access control mechanisms.

Original NVD description (English source)

sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID. A process in capability mode can use sigqueue(2) to send signals to any process it could signal following standard Unix permissions, bypassing the Capsicum sandbox restriction. A compromised sandboxed process could interfere with other processes, for example by sending SIGKILL or SIGSTOP. This could be any process running as the same user, or any process, for a superuser sandboxed process.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS