CVE-2026-4748
April 2, 2026, 8:47 p.m.
7.5
High
Description
A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected.
Some keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant.
Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Freebsd |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-480
Use of Incorrect Operator
The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| o | freebsd | freebsd | / | / | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.3 | - | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.3 | p1 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.3 | p2 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.3 | p3 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.3 | p4 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.3 | p5 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.3 | p6 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.3 | p7 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.3 | p8 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.3 | p9 | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.4 | - | / | / | / | / | / | / |
| o | freebsd | freebsd | 14.4 | rc1 | / | / | / | / | / | / |
| o | freebsd | freebsd | 15.0 | - | / | / | / | / | / | / |
| o | freebsd | freebsd | 15.0 | p1 | / | / | / | / | / | / |
| o | freebsd | freebsd | 15.0 | p2 | / | / | / | / | / | / |
| o | freebsd | freebsd | 15.0 | p3 | / | / | / | / | / | / |
| o | freebsd | freebsd | 15.0 | p4 | / | / | / | / | / | / |
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: NONE
- Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Timeline
Published: April 1, 2026, 7:16 a.m.
Last Modified: April 2, 2026, 8:47 p.m.
Last Modified: April 2, 2026, 8:47 p.m.
Status : Analyzed
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
More infoSource
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.