CVE-2026-45158 – OPNsense: Command Injection via Attacker-Controlled DHCP Config

CVE ID :CVE-2026-45158

Published : May 13, 2026, 10:16 p.m. | 2 hours, 41 minutes ago

Description :OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system. This vulnerability is fixed in 26.1.8.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-46419 – Yubico Webauthn-Server Core Java Webauthn Impersonation Vulnerability

CVE-2026-44919 – OpenStack Ironic Infinite Loop File Protocol Checksum Vulnerability

CVE-2026-41281 – KDDI CORPORATION Android App “あんしんフィルター for au” Cleartext Transmission of Sensitive Information

CVE-2026-8500 – Web::Passwd versions through 0.03 for Perl is vulnerable to RCE