CVE-2026-42511

Name of the Vulnerable Software and Affected Versions FreeBSD dhclient (affected versions not specified)

Description The FreeBSD DHCP client fails to escape embedded double-quotes when writing the BOOTP file field to the lease file. This allows a rogue DHCP server on the same network to inject arbitrary dhclient.conf directives. When the lease file is re-parsed, such as after a system restart, the attacker-controlled field is passed to the dhclient-script() function, which evaluates it, potentially leading to arbitrary code execution with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.