CVE-2026-39461Freebsd · Freebsd
Vulnerability data via NVD (ingested)
libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024). An attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption. If the target application runs with setuid root privileges, this could be used to escalate local privileges.
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
vuln:CVE-2026-39461os:"Freebsd"More intel sources (5)
vuln:CVE-2026-39461vulnerabilities.cve_id: CVE-2026-39461CVE-2026-39461CVE-2026-39461"CVE-2026-39461" exploit -site:nvd.nist.gov