Lobsters · Friday · May 22, 2026

FatGid - FreeBSD 14.x kernel LPE

freebsd · kernel · lpe · exploit · security

FatGid is a local privilege escalation (LPE) exploit disclosed on May 21, 2026, targeting FreeBSD 14.x kernels. The vulnerability resides in the POSIX message queue subsystem, where a race condition allows an unprivileged attacker to escalate privileges to root. The exploit has been published on the FatGid website (fatgid.io) with full proof-of-concept code, making it accessible to security researchers and malicious actors alike. FreeBSD 14.0 and 14.1 are confirmed affected; users are urged to apply patches or mitigations immediately. The vulnerability was discovered by an anonymous researcher and reported through the FreeBSD security team. No CVE has been assigned as of publication. The exploit requires local access, but given the widespread use of FreeBSD in servers and embedded systems, the impact could be severe for unpatched installations. Administrators should prioritize updating to the latest patched kernel version or implementing kernel hardening measures.

// why it matters

Unpatched FreeBSD 14.x systems are at risk of full root compromise via a publicly available exploit.

Sources

Primary · Lobsters
▸ Read original at fatgid.io
