{"api_version":"1","generated_at":"2026-04-22T19:18:04+00:00","cve":"CVE-2026-4748","urls":{"html":"https://cve.report/CVE-2026-4748","api":"https://cve.report/api/cve/CVE-2026-4748.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-4748","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-4748"},"summary":{"title":"pf silently ignores certain rules","description":"A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates.  Only the first of such rules is actually loaded into pf.  Ranges expressed using the address[/mask-bits] syntax were not affected.\n\nSome keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue.  It is unlikely that users have such configurations, as these rules would always be redundant.\n\nAffected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking.","state":"PUBLISHED","assigner":"freebsd","published_at":"2026-04-01 07:16:02","updated_at":"2026-04-02 20:47:20"},"problem_types":["CWE-480","CWE-754","CWE-1023","CWE-480 CWE-480: Use of Incorrect Operator","CWE-754 CWE-754: Improper Check for Unusual or Exceptional Conditions","CWE-1023 CWE-1023: Incomplete Comparison with Missing Factors"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:09.pf.asc","name":"https://security.freebsd.org/advisories/FreeBSD-SA-26:09.pf.asc","refsource":"secteam@freebsd.org","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-4748","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4748","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"FreeBSD","product":"FreeBSD","version":"affected 15.0-RELEASE p5 release","platforms":[]},{"source":"CNA","vendor":"FreeBSD","product":"FreeBSD","version":"affected 14.4-RELEASE p1 release","platforms":[]},{"source":"CNA","vendor":"FreeBSD","product":"FreeBSD","version":"affected 14.3-RELEASE p10 release","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Michael Gmelin","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.4","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.4","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"15.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"15.0","cpe7":"p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"15.0","cpe7":"p2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"15.0","cpe7":"p3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"4748","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"15.0","cpe7":"p4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"4748","cve":"CVE-2026-4748","epss":"0.000430000","percentile":"0.130050000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:39"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-4748","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-01T14:55:44.105033Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-01T14:56:02.208Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unknown","modules":["pf"],"product":"FreeBSD","vendor":"FreeBSD","versions":[{"lessThan":"p5","status":"affected","version":"15.0-RELEASE","versionType":"release"},{"lessThan":"p1","status":"affected","version":"14.4-RELEASE","versionType":"release"},{"lessThan":"p10","status":"affected","version":"14.3-RELEASE","versionType":"release"}]}],"credits":[{"lang":"en","type":"finder","value":"Michael Gmelin"}],"datePublic":"2026-03-26T05:00:00.000Z","descriptions":[{"lang":"en","value":"A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates.  Only the first of such rules is actually loaded into pf.  Ranges expressed using the address[/mask-bits] syntax were not affected.\n\nSome keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue.  It is unlikely that users have such configurations, as these rules would always be redundant.\n\nAffected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-480","description":"CWE-480: Use of Incorrect Operator","lang":"en","type":"CWE"},{"cweId":"CWE-754","description":"CWE-754: Improper Check for Unusual or Exceptional Conditions","lang":"en","type":"CWE"},{"cweId":"CWE-1023","description":"CWE-1023: Incomplete Comparison with Missing Factors","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-01T06:18:52.097Z","orgId":"63664ac6-956c-4cba-a5d0-f46076e16109","shortName":"freebsd"},"references":[{"tags":["vendor-advisory"],"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:09.pf.asc"}],"title":"pf silently ignores certain rules","x_generator":{"engine":"cvelib 1.8.0"}}},"cveMetadata":{"assignerOrgId":"63664ac6-956c-4cba-a5d0-f46076e16109","assignerShortName":"freebsd","cveId":"CVE-2026-4748","datePublished":"2026-04-01T06:18:52.097Z","dateReserved":"2026-03-24T04:14:17.566Z","dateUpdated":"2026-04-01T14:56:02.208Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-01 07:16:02","lastModifiedDate":"2026-04-02 20:47:20","problem_types":["CWE-480","CWE-754","CWE-1023","CWE-480 CWE-480: Use of Incorrect Operator","CWE-754 CWE-754: Improper Check for Unusual or Exceptional Conditions","CWE-1023 CWE-1023: Incomplete Comparison with Missing Factors"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.4","matchCriteriaId":"B18512F3-168B-42C3-9579-58A44E18B50B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*","matchCriteriaId":"9DC7C54E-58AF-4ADE-84AF-0EF0F325E20E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*","matchCriteriaId":"D3D22B8C-36CF-4800-9673-0B0240558BDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*","matchCriteriaId":"242FA2A8-5D7D-4617-A411-2651FF3A3E4C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*","matchCriteriaId":"40573F60-F3B7-4AEC-846A-B08E5B7D9D00"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*","matchCriteriaId":"1FB832CE-0A98-44A2-8BAC-CD38A64279B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*","matchCriteriaId":"9A785F8E-C218-41AE-8D57-BF06DDAEF7CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*","matchCriteriaId":"C3909FDD-B2A2-45B6-A40B-1D303A717F15"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:*","matchCriteriaId":"720597A2-F181-46E1-8A0D-097E17ADC4FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p8:*:*:*:*:*:*","matchCriteriaId":"DC8A75D0-148A-427A-9783-45477EABED21"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p9:*:*:*:*:*:*","matchCriteriaId":"F5D39FC9-6DBA-46C8-BB80-A6188E6A8527"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:-:*:*:*:*:*:*","matchCriteriaId":"8F3856BE-666F-4FA1-A6AD-FE179CEBF1E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:rc1:*:*:*:*:*:*","matchCriteriaId":"0342A715-E211-4AF6-97ED-32EB9EBB947D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:*","matchCriteriaId":"368CFE5D-C5C2-42AF-AAF4-28DFE1A59C3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p1:*:*:*:*:*:*","matchCriteriaId":"AA4AAA57-70A7-4717-ACF2-A253E757FF2C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p2:*:*:*:*:*:*","matchCriteriaId":"E24ABFA6-4D12-4DE5-832B-438502C7D188"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p3:*:*:*:*:*:*","matchCriteriaId":"C1C9869C-494B-4628-9AA3-4AA5B989C377"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p4:*:*:*:*:*:*","matchCriteriaId":"002AA2FE-C7BA-471A-9434-0E56A878ACBF"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"4748","Ordinal":"1","Title":"pf silently ignores certain rules","CVE":"CVE-2026-4748","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"4748","Ordinal":"1","NoteData":"A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates.  Only the first of such rules is actually loaded into pf.  Ranges expressed using the address[/mask-bits] syntax were not affected.\n\nSome keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue.  It is unlikely that users have such configurations, as these rules would always be redundant.\n\nAffected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking.","Type":"Description","Title":"pf silently ignores certain rules"}]}}}