CVE Catalog

CVE-2026-49413

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

A vulnerability in the Linuxulator (FreeBSD's Linux binary compatibility layer) causes the AT_SECURE flag to be incorrectly set to zero for executables with set-user-ID or set-group-ID bits. This allows an unprivileged local user to inject a shared library via the LD_PRELOAD environment variable into such a binary.

Risk Assessment

An attacker can escalate privileges to the level of the binary's owner (e.g., root), leading to full system compromise or breach of data confidentiality and integrity.

Recommendation

Apply the security patch provided by the FreeBSD vendor immediately, and consider temporarily disabling or restricting the use of the Linuxulator for sensitive applications.

Original NVD description (English source)

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. An unprivileged local user can inject a shared library via LD_PRELOAD into a set-user-ID or set-group-ID Linux binary, gaining the privileges of that binary.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS