FreeBSD pf Stack Overflow Vulnerability (SA-26:14) Vulnerability Overview Vulnerability ID: CVE-2026-7164 Publication Date: 2026-04-29 Module: pf (Packet Filter) Description: A stack overflow vulnerability exists in when parsing crafted SCTP packets. Because the SCTP protocol supports multihoming, parses SCTP packets to discover additional addresses. Improper packet validation allows unlimited recursive parsing of SCTP chunk parameters, leading to a stack overflow and system panic. Affected Systems Affected Systems: All supported versions of FreeBSD. Affected Branches: - stable/15.0 - stable/14.4 - stable/14.3 - stable/13.5 Trigger Conditions: Any system configured with the firewall that processes traffic. Remediation 1. Update using pkg(8): 2. Update using freebsd-update: 3. Manual Patching: - Download the patch file for the corresponding version (e.g., ). - Verify the signature: - Apply the patch: - Recompile the kernel and reboot. References FreeBSD Security Advisory CVE Details