FreeBSD's latest security advisory, FreeBSD-SA-26:30, drops a privilege escalation bug (CVE-2026-49413) that forces patching across six distinct version lines—immediately.
Which Branches Are Affected
The vulnerable builds span two major branches. On branch 14, versions before 14-n274315, 14.3-n271519, and 14.4-n273719 are exposed. Branch 15 catches versions before 15-n283886, 15.0-n281057, and 15.1-n283555. That's a wide swath of production and development kernels.
What the Advisory Tells Us
The CERT-FR alert (CERTFR-2026-AVI-0716) confirms the risk is privilege escalation—an attacker with limited access can gain root. No exploit code or attack vector details are public yet, but the CVE entry (CVE-2026-49413) is live. The advisory references FreeBSD's own bulletin from June 9.
Patch Now or Get Rooted
If you're running any FreeBSD on those branches, check uname -a against the build numbers above. The fix is in the next commit past each threshold. Pull the patch, rebuild your kernel, and reboot. No workaround is documented—this is a straight-up privilege escalation, likely in the Linux compatibility layer or a core subsystem given the breadth of affected versions.
Expect more technical details to surface once the patch is stable and FreeBSD's security team releases a full analysis. For now, treat this as a mandatory update for any system exposed to unprivileged users.
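The `uname -a` check described above, as an added example (not code from the advisory or the FreeBSD project): a POSIX sh function that pulls the branch and commit count out of the build string and compares them with the six thresholds listed in this article. It assumes the kernel ident carries a `stable/<branch>-n<count>` or `releng/<branch>-n<count>` token; the helper name and the sample values in the comments are constructed.

```sh
#!/bin/sh
# Added example: compare a FreeBSD build string with the advisory thresholds.
# "<branch> <first fixed commit count>", copied from the article above.
THRESHOLDS="14 274315
14.3 271519
14.4 273719
15 283886
15.0 281057
15.1 283555"

# classify_build "<uname -a output>"  (hypothetical helper name)
# Prints one of: vulnerable | patched | unknown
classify_build() {
    # Assumption: the ident contains e.g. "releng/14.3-n271400-<hash>"
    # or "stable/15-n283885-<hash>" (constructed sample values).
    tag=$(printf '%s\n' "$1" |
        sed -nE 's#.*(stable|releng)/([0-9]+(\.[0-9]+)?)-n([0-9]+).*#\2 \4#p')
    if [ -z "$tag" ]; then
        echo unknown        # no branch/count token (custom or non-git build)
        return 0
    fi
    branch=${tag% *}
    count=${tag#* }

    # String comparison on purpose: "15" and "15.0" are different branches.
    fixed=""
    while read -r b n; do
        if [ "$b" = "$branch" ]; then fixed=$n; fi
    done <<EOF
$THRESHOLDS
EOF
    if [ -z "$fixed" ]; then
        echo unknown        # branch is not one of the six listed lines
    elif [ "$count" -lt "$fixed" ]; then
        echo vulnerable     # build predates the fixed commit count
    else
        echo patched
    fi
}

# Report on the running kernel; "unknown" means check by hand.
classify_build "$(uname -a)"
```

The result reflects the running kernel only, so run it again after the reboot to confirm the rebuilt kernel is the one loaded.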
Source: Vulnérabilité dans FreeBSD (10 juin 2026)
Domain: cert.ssi.gouv.fr