{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-45253", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "state": "PUBLISHED", "assignerShortName": "freebsd", "dateReserved": "2026-05-11T16:27:44.891Z", "datePublished": "2026-05-21T09:17:29.232Z", "dateUpdated": "2026-05-21T13:48:28.125Z"}, "containers": {"cna": {"datePublic": "2026-05-20T23:00:00.000Z", "title": "Missing validation in ptrace(PT_SC_REMOTE)", "references": [{"tags": ["vendor-advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-26:21.ptrace.asc"}], "affected": [{"defaultStatus": "unknown", "modules": ["ptrace"], "product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"status": "affected", "versionType": "release", "version": "15.0-RELEASE", "lessThan": "p9"}, {"status": "affected", "versionType": "release", "version": "14.4-RELEASE", "lessThan": "p5"}, {"status": "affected", "versionType": "release", "version": "14.3-RELEASE", "lessThan": "p14"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai"}, {"lang": "en", "type": "finder", "value": "Ryan at Calif.io"}], "descriptions": [{"lang": "en", "value": "ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges.\n\nThe missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2026-05-21T09:17:29.232Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-05-21T13:48:24.775558Z", "id": "CVE-2026-45253", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-21T13:48:28.125Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-45253", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-21T13:48:24.775558Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-21T12:27:47.634Z"}}], "cna": {"title": "Missing validation in ptrace(PT_SC_REMOTE)", "credits": [{"lang": "en", "type": "finder", "value": "Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai"}, {"lang": "en", "type": "finder", "value": "Ryan at Calif.io"}], "affected": [{"vendor": "FreeBSD", "modules": ["ptrace"], "product": "FreeBSD", "versions": [{"status": "affected", "version": "15.0-RELEASE", "lessThan": "p9", "versionType": "release"}, {"status": "affected", "version": "14.4-RELEASE", "lessThan": "p5", "versionType": "release"}, {"status": "affected", "version": "14.3-RELEASE", "lessThan": "p14", "versionType": "release"}], "defaultStatus": "unknown"}], "datePublic": "2026-05-20T23:00:00.000Z", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-26:21.ptrace.asc", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges.\n\nThe missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2026-05-21T09:17:29.232Z"}}}, "cveMetadata": {"cveId": "CVE-2026-45253", "state": "PUBLISHED", "dateUpdated": "2026-05-21T13:48:28.125Z", "dateReserved": "2026-05-11T16:27:44.891Z", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "datePublished": "2026-05-21T09:17:29.232Z", "assignerShortName": "freebsd"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges.\n\nThe missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system."}], "id": "CVE-2026-45253", "lastModified": "2026-05-21T15:16:28.117", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-05-21T10:16:26.270", "references": [{"source": "secteam@freebsd.org", "url": "https://security.freebsd.org/advisories/FreeBSD-SA-26:21.ptrace.asc"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "secteam@freebsd.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[15.0-RELEASE,p9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[14.4-RELEASE,p5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[14.3-RELEASE,p14)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FreeBSD", "source": "cna", "vendor": "FreeBSD"}, "product": "freebsd", "vendor": "freebsd"}], "created": "2026-05-21T11:30:05.786243+00:00", "updated": "2026-05-21T15:00:11.694976+00:00", "vendors": ["freebsd", "freebsd$PRODUCT$freebsd"]}