pf silently ignores certain rules
Summary
| CVE | CVE-2026-4748 |
|---|---|
| State | PUBLISHED |
| Assigner | freebsd |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-01 07:16:02 UTC |
| Updated | 2026-04-02 20:47:20 UTC |
| Description | A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected. Some keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant. Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking. |
Risk And Classification
Primary CVSS: v3.1 7.5 HIGH from ADP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.000310000 probability, percentile 0.087900000 (date 2026-04-02)
Problem Types: CWE-480 | CWE-754 | CWE-1023 | CWE-480 CWE-480: Use of Incorrect Operator | CWE-754 CWE-754: Improper Check for Unusual or Exceptional Conditions | CWE-1023 CWE-1023: Incomplete Comparison with Missing Factors
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Freebsd | Freebsd | All | All | All | All |
| Operating System | Freebsd | Freebsd | 14.3 | - | All | All |
| Operating System | Freebsd | Freebsd | 14.3 | p1 | All | All |
| Operating System | Freebsd | Freebsd | 14.3 | p2 | All | All |
| Operating System | Freebsd | Freebsd | 14.3 | p3 | All | All |
| Operating System | Freebsd | Freebsd | 14.3 | p4 | All | All |
| Operating System | Freebsd | Freebsd | 14.3 | p5 | All | All |
| Operating System | Freebsd | Freebsd | 14.3 | p6 | All | All |
| Operating System | Freebsd | Freebsd | 14.3 | p7 | All | All |
| Operating System | Freebsd | Freebsd | 14.3 | p8 | All | All |
| Operating System | Freebsd | Freebsd | 14.3 | p9 | All | All |
| Operating System | Freebsd | Freebsd | 14.4 | - | All | All |
| Operating System | Freebsd | Freebsd | 14.4 | rc1 | All | All |
| Operating System | Freebsd | Freebsd | 15.0 | - | All | All |
| Operating System | Freebsd | Freebsd | 15.0 | p1 | All | All |
| Operating System | Freebsd | Freebsd | 15.0 | p2 | All | All |
| Operating System | Freebsd | Freebsd | 15.0 | p3 | All | All |
| Operating System | Freebsd | Freebsd | 15.0 | p4 | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| security.freebsd.org/advisories/FreeBSD-SA-26:09.pf.asc | [email protected] | security.freebsd.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Michael Gmelin (en)
There are currently no legacy QID mappings associated with this CVE.