Description
sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID.

A process in capability mode can use sigqueue(2) to send signals to any process it could signal following standard Unix permissions, bypassing the Capsicum sandbox restriction. A compromised sandboxed process could interfere with other processes, for example by sending SIGKILL or SIGSTOP. This could be any process running as the same user, or any process, for a superuser sandboxed process.
Published: 2026-06-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the implementation of the sigqueue(2) system call within the FreeBSD kernel. Though sigqueue(2) was granted permission in capability mode during the 2011 addition of Capsicum, the kern_sigqueue function was not updated to enforce capability mode restrictions. A sandboxed process with capability mode privileges can therefore use sigqueue(2) to send signals to any other process it is authorized to signal by standard Unix permissions. An attacker compromising a sandboxed process can send SIGKILL, SIGSTOP or other signals to interfere with or terminate processes belonging to the same user or, in the case of a superuser sandboxed process, to any process on the host system. This bypasses Capsicum’s intended sandbox protection and effectively escalates privileges.

Affected Systems

The flaw affects all affected FreeBSD releases that have not applied the fix referenced in the FreeBSD security advisory FreeBSD-SA-26:28.capsicum. Specific version information is not provided, so all unpatched installations are considered vulnerable. The vulnerability impacts the kernel and any user processes that could employ sigqueue(2) under Capsicum restrictions.

Risk and Exploitability

Because the vulnerability allows a sandboxed process to target arbitrary processes, it has the potential for local privilege escalation and denial of service. The CVSS score is 6.5, but the inability to enforce capability mode restrictions is a severe issue. The EPSS score is < 1%, and the flaw is not yet present in CISA KEV, but the ease of exploitation and the critical nature of signal handling recommend prompt remediation.

Generated by OpenCVE AI on June 29, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch released in the FreeBSD security advisory FreeBSD-SA-26:28.capsicum to update the kern_sigqueue implementation.
  • Limit the signal capability for sandboxed processes, granting signal delivery only to processes that truly require it.
  • Enable audit logging for sigqueue(2) calls and monitor for unexpected signal delivery from sandboxed processes, and if possible, restrict Capsicum usage on non-essential services.

Generated by OpenCVE AI on June 29, 2026 at 15:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 27 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Freebsd
Freebsd freebsd
Vendors & Products Freebsd
Freebsd freebsd

Sat, 27 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID. A process in capability mode can use sigqueue(2) to send signals to any process it could signal following standard Unix permissions, bypassing the Capsicum sandbox restriction. A compromised sandboxed process could interfere with other processes, for example by sending SIGKILL or SIGSTOP. This could be any process running as the same user, or any process, for a superuser sandboxed process.
Title sigqueue(2) missing capability mode restriction
Weaknesses CWE-266
References

cve-icon MITRE

Status: PUBLISHED

Assigner: freebsd

Published:

Updated: 2026-06-29T13:10:40.990Z

Reserved: 2026-05-11T16:27:44.892Z

Link: CVE-2026-45259

cve-icon Vulnrichment

Updated: 2026-06-29T13:10:23.916Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T16:00:05Z

Weaknesses
  • CWE-266

    Incorrect Privilege Assignment