CVE-2026-4748

EPSS 0.06%
Veröffentlicht 01.04.2026 06:18:52
Zuletzt bearbeitet 02.04.2026 20:47:20
Quelle secteam@freebsd.org
CVE-Watchlists
Login
Unerledigt
Login

pf silently ignores certain rules

A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates.  Only the first of such rules is actually loaded into pf.  Ranges expressed using the address[/mask-bits] syntax were not affected.

Some keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue.  It is unlikely that users have such configurations, as these rules would always be redundant.

Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 3 Referenzen 4

NVD 18 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version >= 14.0 < 14.4

Freebsd ≫ Freebsd Version14.3 Update-

Freebsd ≫ Freebsd Version14.3 Updatep1

Freebsd ≫ Freebsd Version14.3 Updatep2

Freebsd ≫ Freebsd Version14.3 Updatep3

Freebsd ≫ Freebsd Version14.3 Updatep4

Freebsd ≫ Freebsd Version14.3 Updatep5

Freebsd ≫ Freebsd Version14.3 Updatep6

Freebsd ≫ Freebsd Version14.3 Updatep7

Freebsd ≫ Freebsd Version14.3 Updatep8

Freebsd ≫ Freebsd Version14.3 Updatep9

Freebsd ≫ Freebsd Version14.4 Update-

Freebsd ≫ Freebsd Version14.4 Updaterc1

Freebsd ≫ Freebsd Version15.0 Update-

Freebsd ≫ Freebsd Version15.0 Updatep1

Freebsd ≫ Freebsd Version15.0 Updatep2

Freebsd ≫ Freebsd Version15.0 Updatep3

Freebsd ≫ Freebsd Version15.0 Updatep4

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.184

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-1023 Incomplete Comparison with Missing Factors

The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.

CWE-480 Use of Incorrect Operator

The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://security.freebsd.org/advisories/FreeBSD-SA-26:09.pf.asc

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-4748

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-4748

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-4748

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-4748