CVE-2026-7164

Name: CVE-2026-7164
Creator: NVD / NIST
Published: 2026-04-30T08:16:07.653+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.43%

Last modified Jun 17, 2026

CVE-2026-7164 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. EPSS estimates a 0.43% chance of exploitation in the next 30 days.

Description

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.43%

34.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Freebsd	Freebsd	13.5
Freebsd	Freebsd	14.3
Freebsd	Freebsd	14.4
Freebsd	Freebsd	15.0

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:14.pf.ascVendor Advisory

Timeline

Published: Apr 30, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-7164?

How severe is CVE-2026-7164?

CVE-2026-7164 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.

How do I fix CVE-2026-7164?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-7164?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST