Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2026-7270

CVE-2026-7270

HIGH7.8

Local privilege escalation via execve()

Published Apr 30, 2026

Modified 3 weeks ago

Details

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers.

The bug may be exploitable by an unprivileged user to obtain superuser privileges.

References

https://blog.calif.io/p/cve-2026-7270-how-i-get-root-on-freebsd

https://news.ycombinator.com/item?id=48077971

https://security.freebsd.org/advisories/FreeBSD-SA-26:13.exec.asc

https://www.cve.org/CVERecord?id=CVE-2026-7270

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedApr 30, 2026

ModifiedMay 10, 2026

CVE-2026-7270 | Mondoo Vulnerability Intelligence