Severity: Unknown
Affected Package: kernel/audit
Summary: Incorrect audit records for ptrace(PT_SC_REMOTE) syscalls (CVE-2026-49426)
When auditing a system call executed via ptrace(PT_SC_REMOTE), the MidnightBSD kernel passed the return value of an internal setup function to AUDIT_SYSCALL_EXIT() instead of the actual result of the executed system call. 1. Return of wrong status code in audit (CWE-393, CVE-2026-49426) - committed audit records for remotely executed system calls that failed incorrectly indicated success. An attacker able to debug a process could produce misleading audit trails, potentially undermining audit-based intrusion detection. Systems that do not use audit(4) are not affected.
No specific recommendations provided.
Aliases: CVE-2026-49426
Published: July 01, 2026
Last Modified: July 01, 2026