21-year-old RCE vulnerability in FreeBSD (CVE-2026-42511)

The article describes the critical vulnerability CVE-2026-42511 in the FreeBSD DHCP client (dhclient), which existed for more than 20 years and allowed arbitrary code execution with root privileges. The root cause is that the BOOTP "file" field is written into the lease file without proper escaping; when the lease file is later re-read, its contents are interpreted as configuration and passed to dhclient-script, where they can be executed as malicious code.
An attacker only needs to control the DHCP server on the same network (for example, via a rogue Wi-Fi access point or DHCP response spoofing) to inject malicious instructions and achieve full system compromise.
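The defensive counterpart of the flaw described above is to validate the field before it is ever written to the lease file. The following C code is an added example, not the FreeBSD patch and not code from the article; the function names and the `filename "...";` line form are assumptions made for illustration, and the 128-byte field size comes from RFC 951.

```c
#include <stdio.h>
#include <string.h>

#define BOOTP_FILE_LEN 128 /* fixed size of the BOOTP "file" field (RFC 951) */

/* Content length: up to the first NUL, or the full field if unterminated. */
static size_t bootp_file_len(const unsigned char *field)
{
    const unsigned char *nul = memchr(field, '\0', BOOTP_FILE_LEN);
    return nul ? (size_t)(nul - field) : BOOTP_FILE_LEN;
}

/* 1 if every byte is printable ASCII other than '"' and '\\', i.e. nothing
 * that could end the quoted string, start an escape, or begin a new line. */
int lease_string_is_safe(const unsigned char *s, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (s[i] < 0x20 || s[i] > 0x7e || s[i] == '"' || s[i] == '\\')
            return 0;
    return 1;
}

/* Build the lease line (assumed form: filename "...";). Returns bytes written,
 * 0 for an empty field, -1 if rejected or too long; out is empty on 0 and -1. */
int format_filename_line(const unsigned char *field, char *out, size_t cap)
{
    size_t len = bootp_file_len(field);
    if (cap == 0)
        return -1;
    out[0] = '\0';
    if (len == 0 || !lease_string_is_safe(field, len))
        return len == 0 ? 0 : -1;
    int n = snprintf(out, cap, "  filename \"%.*s\";\n", (int)len, (const char *)field);
    if (n < 0 || (size_t)n >= cap) {
        out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    /* Constructed sample fields, not captured traffic. */
    unsigned char ok[BOOTP_FILE_LEN] = "pxeboot.img";
    unsigned char bad[BOOTP_FILE_LEN] = "pxe\"boot\nimg";
    char line[192];
    printf("ok  -> %d\n", format_filename_line(ok, line, sizeof line));
    printf("bad -> %d\n", format_filename_line(bad, line, sizeof line));
}
```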
Vulnerabilities: CVE-2026-42511 (8.1)
Researchers: Joshua Rogers
Vendors: FreeBSD
Products: dhclient, dhclient-script, FreeBSD
Published: 2026-05-19, 09:01