NVD - cve-2026-57589
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Information Technology Laboratory
National Vulnerability Database
National Vulnerability Database
NVD
Vulnerabilities
CVE-2026-57589<br>Detail
Awaiting Enrichment
This CVE record has been marked for NVD enrichment efforts.
Description
sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().
Metrics
 
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate<br>vector strings. CVSS information contributed by other sources is also<br>displayed.
CVSS 4.0 Severity and Vector Strings:
NIST: NVD
N/A
NVD assessment<br>not yet provided.
CVSS 3.x Severity and Vector Strings:
NIST: NVD
Base<br>Score: N/A
NVD assessment<br>not yet provided.
CNA: MITRE
Base<br>Score: 7.4 HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H<br>CVSS v3.1 Severity and Metrics: Base Score: 7.4 HIGH Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Impact Score: 5.9 Exploitability Score: 1.4 Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None Scope (S): Unchanged Confidentiality (C): High Integrity (I): High Availability (A): High "/>
-->
-->
CVSS 2.0 Severity and Vector Strings:
NIST: NVD
Base<br>Score: N/A
NVD assessment<br>not yet provided.
-->
-->
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.<br>We have provided these links to other web sites because they<br>may have information that would be of interest to you. No<br>inferences should be drawn on account of other sites being<br>referenced, or not, from this page. There may be other web<br>sites that are more appropriate for your purpose. NIST does<br>not necessarily endorse the views expressed, or concur with<br>the facts presented on these sites. Further, NIST does not<br>endorse any commercial products that may be mentioned on<br>these sites. Please address comments about this page to [email protected].
URL<br>Source(s)<br>Tag(s)
https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d
MITRE
https://openai.com/index/patch-the-planet/
MITRE
Weakness Enumeration
CWE-ID<br>CWE Name<br>Source
CWE-416
Use After Free
MITRE
Change History
3 change records found show changes
CVE Modified by CISA-ADP<br>6/26/2026 1:16:31 AM
Action<br>Type<br>Old Value<br>New Value
Changed<br>SSVC
{"timestamp":"2026-06-25T12:34:51.474289Z","id":"CVE-2026-57589","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}
{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-57589","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}
CVE Modified by CISA-ADP<br>6/25/2026 9:16:49 AM
Action<br>Type<br>Old Value<br>New Value
Added<br>SSVC
{"timestamp":"2026-06-25T12:34:51.474289Z","id":"CVE-2026-57589","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}
New CVE Received from MITRE<br>6/24/2026 9:16:26 PM
Action<br>Type<br>Old Value<br>New Value
Added<br>Description
sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().
Added<br>CVSS V3.1
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Added<br>CWE
CWE-416
Added<br>Reference
https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d
Added<br>Reference
https://openai.com/index/patch-the-planet/
Added<br>Affected
[{"vendor":"OpenBSD","product":"OpenBSD","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"7.9","versionType":"custom","status":"affected"}]}]
Quick Info
CVE Dictionary Entry:<br>CVE-2026-57589<br>NVD<br>Published Date:<br>06/24/2026<br>NVD<br>Last Modified:<br>06/26/2026
Source:<br>MITRE