Mend.io Vulnerability Database
CVE-2026-4247
March 26, 2026
When a challenge ACK is to be sent, tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent, the function returns without freeing the mbuf, so the mbuf leaks.

If an attacker is either on path with an established TCP connection to an affected FreeBSD machine, or can themselves establish a TCP connection to it, they can easily craft and send packets which meet the challenge ACK criteria and cause the FreeBSD host to leak one mbuf for each crafted packet in excess of the configured rate-limit settings; i.e., with default settings, each crafted packet beyond the first 5 sent within a 1 s period leaks an mbuf. Technically, off-path attackers can also exploit this problem by guessing the IP addresses, TCP port numbers and in some cases the sequence numbers of established connections and spoofing packets towards a FreeBSD machine, but this is harder to do effectively.
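The defect class described above is an ownership mismatch: a function that consumes its buffer on one exit path but not on the other. The following C program is an added illustration written for this page, not FreeBSD's tcp_respond() or any code from the advisory. It models an mbuf as a counted heap block, models the challenge-ACK rate limiter as a fixed quota per 1 s window (5 per second, matching the default described above), and places the leaking pattern beside the corrected one so the difference in outstanding buffers after a burst of qualifying packets can be measured. All names (mbuf_t, ack_limiter_t, respond_vulnerable, respond_fixed, simulate_burst) are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for an mbuf: a heap block whose allocations we count. */
typedef struct mbuf { unsigned char data[64]; } mbuf_t;

static long mbufs_outstanding = 0;   /* allocated and not yet freed */

static mbuf_t *mbuf_get(void) {
    mbuf_t *m = malloc(sizeof *m);
    if (m != NULL) mbufs_outstanding++;
    return m;
}

static void mbuf_free(mbuf_t *m) {
    if (m != NULL) { free(m); mbufs_outstanding--; }
}

/* Constructed rate limiter: at most `limit` challenge ACKs per 1 s window. */
typedef struct {
    int  limit;
    long window_start;     /* whole seconds */
    int  sent_in_window;
} ack_limiter_t;

static int ack_limiter_allow(ack_limiter_t *l, long now) {
    if (now - l->window_start >= 1) {    /* new window: reset the quota */
        l->window_start = now;
        l->sent_in_window = 0;
    }
    if (l->sent_in_window >= l->limit) return 0;
    l->sent_in_window++;
    return 1;
}

/* Sending consumes the mbuf: after this call the caller must not touch it. */
static void send_challenge_ack(mbuf_t *m) { mbuf_free(m); }

/* Vulnerable pattern: the mbuf is only consumed on the send path.
 * The early return when the limiter refuses leaves the buffer allocated. */
static void respond_vulnerable(ack_limiter_t *l, mbuf_t *m, long now) {
    if (!ack_limiter_allow(l, now))
        return;                           /* BUG: m is never freed */
    send_challenge_ack(m);
}

/* Corrected pattern: every exit path accounts for the mbuf. */
static void respond_fixed(ack_limiter_t *l, mbuf_t *m, long now) {
    if (!ack_limiter_allow(l, now)) {
        mbuf_free(m);                     /* drop the packet, release the buffer */
        return;
    }
    send_challenge_ack(m);
}

typedef void (*responder_fn)(ack_limiter_t *, mbuf_t *, long);

/* Push `n` qualifying packets through `fn` within a single 1 s window and
 * return how many mbufs are still outstanding afterwards (i.e. leaked). */
static long simulate_burst(responder_fn fn, int n, int limit) {
    ack_limiter_t l = { limit, 0, 0 };
    long before = mbufs_outstanding;
    for (int i = 0; i < n; i++) {
        mbuf_t *m = mbuf_get();
        if (m == NULL) abort();
        fn(&l, m, 0);                     /* all packets arrive in the same second */
    }
    return mbufs_outstanding - before;
}

int main(void) {
    /* With the default-style quota of 5 per second, 20 packets in one
     * second leave 15 buffers behind in the vulnerable variant and none
     * in the fixed one. */
    printf("vulnerable: %ld mbufs leaked after 20 packets\n",
           simulate_burst(respond_vulnerable, 20, 5));
    printf("fixed:      %ld mbufs leaked after 20 packets\n",
           simulate_burst(respond_fixed, 20, 5));
    return 0;
}
```

The point to carry into code review is the shape of respond_fixed: whichever caller owns a buffer when a function is documented as consuming it, every return path in that function must either hand the buffer on or free it, and a rate-limit or policy early-return is exactly where that obligation is most easily forgotten.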
Affected Packages
https://github.com/freebsd/freebsd-src.git (GITHUB):
Affected version(s) >=release/14.3.0 <release/14.3.0-p10
Fix Suggestion:
Update to version release/14.3.0-p10
https://github.com/freebsd/freebsd-src.git (GITHUB):
Affected version(s) >=release/14.4.0 <release/14.4.0-p1
Fix Suggestion:
Update to version release/14.4.0-p1
https://github.com/freebsd/freebsd-src.git (GITHUB):
Affected version(s) >=release/15.0.0 <release/15.0.0-p5
Fix Suggestion:
Update to version release/15.0.0-p5
CVSS v3
Base Score: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH
Weakness Type (CWE): Missing Release of Memory after Effective Lifetime
EPSS
Base Score: 0.02