CVE-2026-35547

UNKNOWN 0.0

Heap overflow in libnv

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to exploit the bug to elevate their privileges.

CWE	CWE-122 CWE-130
Vendor	freebsd
Product	freebsd
Published	Apr 30, 2026

Stay Ahead of the Next One

Get instant alerts for freebsd freebsd

Be the first to know when new unknown vulnerabilities affecting freebsd freebsd are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

FreeBSD / FreeBSD

15.0-RELEASE < p7 14.4-RELEASE < p3 14.3-RELEASE < p12 13.5-RELEASE < p13

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.freebsd.org: https://security.freebsd.org/advisories/FreeBSD-SA-26:17.libnv.asc

Credits

Mariusz Zaborski