CVE-2026-45252 — MEDIUM (5.5)

Vulnerability Description

When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel module calls strlen() on this daemon-supplied buffer without first verifying that the entire list is NUL-terminated. If a malicious daemon sends a non-NUL-terminated list, the fusefs kernel module may read beyond the end of one heap-allocated buffer and potentially write beyond the end of a second buffer. A malicious daemon could disclose up to 253 bytes of kernel heap memory, or it could inject up to 250 attacker-controlled bytes into unallocated kernel heap space.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Freebsd	Freebsd	14.3

Related Weaknesses (CWE)

CWE-122

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:20.fusefs.ascVendor Advisory

FAQ

What is CVE-2026-45252?

CVE-2026-45252 is a vulnerability with a CVSS score of 5.5 (MEDIUM). When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE p...

How severe is CVE-2026-45252?

CVE-2026-45252 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-45252?

Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.