1 article
A new vulnerability in FreeBSD's NFS networking stack has been disclosed as CVE-2026-42511, distinct from the previously covered CVE-2026-4747 (the 17-year-old NFSv4 daemon RCE). CVE-2026-42511 affects the NFS client implementation and is exploitable by a malicious NFS server to achieve code execution on FreeBSD hosts connecting to untrusted NFS mounts — a relevant threat model for enterprise environments mounting network storage from potentially compromised infrastructure.