CVE-2026-49413
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
A vulnerability in the Linuxulator (FreeBSD's Linux binary compatibility layer) causes the AT_SECURE flag to be incorrectly set to zero for executables with set-user-ID or set-group-ID bits. This allows an unprivileged local user to inject a shared library via the LD_PRELOAD environment variable into such a binary.
Risk Assessment
An attacker can escalate privileges to the level of the binary's owner (e.g., root), leading to full system compromise or breach of data confidentiality and integrity.
Recommendation
Apply the security patch provided by the FreeBSD vendor immediately, and consider temporarily disabling or restricting the use of the Linuxulator for sensitive applications.
Original NVD description (English source)
The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. An unprivileged local user can inject a shared library via LD_PRELOAD into a set-user-ID or set-group-ID Linux binary, gaining the privileges of that binary.

