CVE-2026-45259
Published:June 27, 2026
Updated:June 29, 2026
sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID.
A process in capability mode can use sigqueue(2) to send signals to any process it could signal following standard Unix permissions, bypassing the Capsicum sandbox restriction. A compromised sandboxed process could interfere with other processes, for example by sending SIGKILL or SIGSTOP. This could be any process running as the same user, or any process, for a superuser sandboxed process.
Affected Packages
https://github.com/freebsd/freebsd-src.git (GITHUB):
Affected version(s) >=release/15.0.0 <release/15.0.0-p10Fix Suggestion:
Update to version release/15.0.0-p10https://github.com/freebsd/freebsd-src.git (GITHUB):
Affected version(s) >=release/14.4.0 <release/14.4.0-p6Fix Suggestion:
Update to version release/14.4.0-p6https://github.com/freebsd/freebsd-src.git (GITHUB):
Affected version(s) >=release/14.3.0 <release/14.3.0-p15Fix Suggestion:
Update to version release/14.3.0-p15Related Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
8.2
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
HIGH
CVSS v3
Base Score:
6.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Incorrect Privilege Assignment
EPSS
Base Score:
0.14