What is GHSA-rx3c-36rq-fgf8?

GHSA-rx3c-36rq-fgf8 is a security advisory published by GitHub Security Advisories with Medium severity. In the case of the cap_net service, when a key present in the old limit was omitted from the new...

Which CVE IDs does GHSA-rx3c-36rq-fgf8 cover?

GHSA-rx3c-36rq-fgf8 covers the following CVE IDs: CVE-2026-45254. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-rx3c-36rq-fgf8?

GHSA-rx3c-36rq-fgf8 has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

GHSA-rx3c-36rq-fgf8MediumCVSS 6.5

In the case of the cap_net service, when a key present in the old limit was omitted from the new...

Vendor

GitHub Security Advisories

Published

May 21, 2026

Last Modified

May 21, 2026

🔗 CVE IDs covered (1)

CVE-2026-45254 →

📋 Description

In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit that extended the permissions of the process.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-45254
https://security.freebsd.org/advisories/FreeBSD-SA-26:24.cap_net.asc
https://github.com/advisories/GHSA-rx3c-36rq-fgf8