CVE-2026-39457
Received Received - Intake
File Descriptor Exhaustion in libnv Leads to Stack Corruption

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: FreeBSD

Description
When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024). An attacker who is able to force a libnv application to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, can trigger stack corruption. If the target application is setuid-root, then this could be used to elevate local privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-39457
EUVD
EUVD-2026-26356
Affected Vendors & Products
Showing 37 associated CPEs
Vendor Product Version / Range
freebsd freebsd 15.0
freebsd freebsd 15.0
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 15.0
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 14.3
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.4
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-39457 is a stack overflow vulnerability in FreeBSD's libnv library, which is used for storing and exchanging name-value pairs and facilitating inter-process communication.

The vulnerability occurs because libnv uses the select() system call to wait for data on a socket without checking if the socket descriptor exceeds the maximum allowed size (FD_SETSIZE, which is 1024).

An attacker can exploit this by forcing a libnv application to allocate large file descriptors, for example by opening many descriptors and running a program that does not close them properly, which can lead to stack corruption.

If the vulnerable application is setuid-root, this stack corruption can be leveraged to escalate local privileges.

Compliance Impact

The vulnerability in libnv can lead to local privilege escalation if exploited, especially in setuid-root applications. This elevation of privileges could potentially allow unauthorized access to sensitive data or system functions.

Such unauthorized access or privilege escalation may impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls over access to personal and sensitive information.

However, the provided information does not explicitly discuss the direct impact on compliance with these regulations.

Impact Analysis

This vulnerability can lead to stack corruption in applications using the libnv library when handling large socket descriptors.

If the affected application runs with elevated privileges (setuid-root), an attacker could exploit this flaw to escalate their local privileges, potentially gaining root access on the system.

Such privilege escalation can compromise system security, allowing unauthorized actions and access to sensitive data.

Detection Guidance

There is no specific detection method or commands provided to identify this vulnerability on your network or system.

Mitigation Strategies

No workaround is available for this vulnerability.

The recommended immediate step is to upgrade to a patched version of FreeBSD dated after April 29, 2026.

  • Use the freebsd-update tool to apply the binary patch.
  • Alternatively, apply the source code patches and recompile the system.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39457. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart