The FreeBSD Project has issued critical security advisories addressing seven vulnerabilities in its core operating system. Notable vulnerabilities include:
1. **Wi-Fi Scanner RCE (CVE-2026-45255)**: A severe input expansion vulnerability in `bsdinstall` allows attackers to execute arbitrary code via malicious network names during Wi-Fi scans.
2. **Kernel Vulnerabilities**:
   - **Buffer Overflow (CVE-2026-45250)**: The `setcred(2)` call is prone to a stack overflow, enabling unauthorized privilege escalation.
   - **Use-After-Free Error (CVE-2026-45251)**: Issues with file descriptor handling could let blocked threads access freed memory.
3. **Sandboxing and Capabilities Issues**: Vulnerabilities in `fusefs`, `libcasper`, and `libcap_net` allow for privilege escalation and memory leaks through improper validation and logic flaws.

Administrators are urged to patch their systems promptly, as many of the flaws have no known workarounds. Recommended patching methods are updating through binary sets or from source code, followed by a reboot.