OpenBSD use-after-free leads to local privilege escalation to root

nvd.nist.gov · ⭐️ 8/10 · 2026-07-08

A use-after-free vulnerability (CVE-2026-57589) has been discovered in OpenBSD, allowing a local attacker to escalate privileges to root. This vulnerability is significant because OpenBSD is renowned for its security focus, and a local privilege escalation bug could undermine that reputation. It affects all systems running the vulnerable version. The vulnerability was discovered as part of the 'Patch The Planet' initiative by OpenAI and Trail of Bits. Details are currently limited; the OpenBSD security page does not yet list it.

Background

OpenBSD is a free, Unix-like operating system focused on security and correctness. Local privilege escalation is an attack where a user with limited access gains higher privileges, such as root, by exploiting a software flaw.

References

Discussion

Comments highlight that the bug was found via AI-assisted vulnerability hunting, praise OpenBSD's strong security record, and question why it's not yet on the official OpenBSD security page. Some express curiosity about how many more vulnerabilities might be discovered by similar projects.

Read original