CVE-2026-35547
Received Received - Intake
Heap Buffer Overflow in libnv Message Processing

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: FreeBSD

Description
When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to exploit the bug to elevate their privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-35547
EUVD
EUVD-2026-26355
Affected Vendors & Products
Showing 37 associated CPEs
Vendor Product Version / Range
freebsd freebsd 15.0
freebsd freebsd 15.0
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 15.0
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 14.3
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.4
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-130 The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a heap overflow in the libnv library, which is responsible for storing and exchanging name-value pairs and supports inter-process communication (IPC) mechanisms.

The issue arises because libnv fails to properly validate the size of incoming message headers. This lack of validation allows a malicious program to write data outside the bounds of allocated heap memory.

As a result, this can cause system crashes or panics, and it may also allow an unprivileged user to exploit the bug to escalate their privileges.

Impact Analysis

The vulnerability can impact you by causing system instability such as crashes or panics due to heap memory corruption.

More seriously, it may allow an unprivileged user to exploit the vulnerability to gain elevated privileges, potentially compromising system security.

Mitigation Strategies

To mitigate this vulnerability, users are advised to upgrade to patched versions of FreeBSD 13, 14, or 15.

Patches are available for direct application, and systems can be updated via pkg, freebsd-update, or by recompiling from source.

No workaround exists, so applying the official patches or upgrading is the immediate recommended action.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on a network or system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35547. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart