FreeBSD Patches Critical DHCP Client Vulnerability Allowing Root-Level Remote Code Execution The FreeBSD Project has issued a critical security advisory (CVE-2026-42511) addressing a severe flaw in its default IPv4 DHCP client, dhclient(8). The vulnerability enables a local network attacker to execute arbitrary code with root privileges, granting full control over affected systems. The issue stems from improper handling of the BOOTP file field in DHCP server responses. When a device requests network configuration, dhclient writes the received BOOTP data to a local lease file without sufficient validation. This oversight allows malicious actors to craft malicious DHCP responses, triggering code execution during lease processing. The flaw underscores the risks of untrusted network environments, even within seemingly secure internal networks. FreeBSD has released patches to mitigate the vulnerability, urging administrators to update affected systems promptly. No active exploitation has been reported at this time.

Critical FreeBSD Jail Escape Vulnerability (CVE-2025-15576) Exposes Host Systems to Full Filesystem Access A severe vulnerability in FreeBSD’s jail subsystem, tracked as CVE-2025-15576, allows attackers to bypass isolation mechanisms and gain unauthorized access to the host’s underlying filesystem. Disclosed on February 24, 2026, the flaw affects FreeBSD 14.3 and 13.5, enabling a complete jailbreak under specific configurations. FreeBSD jails use OS-level virtualization to restrict processes to isolated environments, similar to chroot. However, CVE-2025-15576 exploits a flaw in how directory file descriptors are handled when two sibling jails interact. If an administrator configures these jails to share a directory via a nullfs mount and establishes a Unix domain socket connection between them, malicious processes can exchange directory descriptors. The kernel fails to validate these descriptors properly, allowing a process to access directories outside its jail effectively breaking filesystem isolation. The impact is severe: attackers with control over processes in both jails can read, modify, or exfiltrate sensitive system files, escalate privileges, or compromise the host. No temporary workarounds exist; patching is mandatory. Administrators using binary distributions (e.g., FreeBSD 14.3/13.5 RELEASE) must run: ``` freebsd-update fetch freebsd-update install ``` followed by a reboot to apply the fix. Source-based installations require downloading the patch from FreeBSD’s security portal, verifying its PGP signature, and recompiling the kernel. Systems must run a patched kernel dated after February 24, 2026, to ensure protection.