FreeBSD has addressed a critical security flaw, CVE-2026-45257, in the Kernel TLS (kTLS) receive path that allows any unprivileged user to gain local root access. The vulnerability exists in FreeBSD versions 13.0 through 13.4, 14.0 through 14.2, and 15.0-RELEASE, and affects multiple architectures. Escalation requires no complex setup: a stock system configuration is enough.
A public proof-of-concept exploit has been released, which makes patching urgent. Workarounds are available if immediate patching isn't possible. The flaw was disclosed on June 10, 2026.