PT-2026-36009 · Freebsd · Freebsd

Joshua Rogers · Published 2026-04-29 · Updated 2026-05-05 · CVE-2026-42511

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: FreeBSD dhclient (all supported versions)

Description: A flaw exists in how the DHCP client processes network configuration parameters. The BOOTP file field is written to the lease file without escaping embedded double-quotes, which allows the injection of arbitrary dhclient.conf directives. When the lease file is re-parsed by dhclient, such as after a system restart, an attacker-controlled field is passed to the dhclient-script() function, which evaluates it. This enables a rogue DHCP server to execute arbitrary code as root on the affected system.

Recommendations: Apply the security patch provided by the FreeBSD Project and reboot the system.
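
The escaping gap described above, next to a hardened writer, as an added example (this is not FreeBSD's patch or dhclient source). The function names, the constructed sample value and the assumption that the lease parser treats a backslash as an escape inside quoted strings are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* Behaviour the advisory describes: value placed between quotes as-is. */
static int emit_raw(char *out, size_t cap, const char *val)
{
    int n = snprintf(out, cap, "  filename \"%s\";\n", val);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Hardened writer: escapes '"' and '\', refuses control bytes.
 * Assumption: the lease parser treats backslash as an escape in strings. */
static int emit_escaped(char *out, size_t cap, const char *val)
{
    static const char pre[] = "  filename \"", post[] = "\";\n";
    size_t o = sizeof(pre) - 1;
    if (cap < sizeof(pre) + sizeof(post)) return -1;
    memcpy(out, pre, o);
    for (const unsigned char *p = (const unsigned char *)val; *p; p++) {
        if (*p < 0x20 || *p == 0x7f)
            return -1;              /* no newlines or control bytes */
        if (o + 2 + sizeof(post) > cap)
            return -1;              /* escape + byte + terminator must fit */
        if (*p == '"' || *p == '\\')
            out[o++] = '\\';
        out[o++] = (char)*p;
    }
    memcpy(out + o, post, sizeof(post));    /* includes the NUL */
    return (int)(o + sizeof(post) - 1);
}

/* Count string-delimiting quotes; a single string token has exactly 2. */
static int bare_quotes(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s == '\\' && s[1]) s++;        /* skip the escaped byte */
        else if (*s == '"') n++;
    }
    return n;
}

int main(void)
{
    char raw[64], esc[64];
    emit_raw(raw, sizeof raw, "boot\"img");     /* constructed sample value */
    emit_escaped(esc, sizeof esc, "boot\"img");
    printf("raw=%d escaped=%d\n", bare_quotes(raw), bare_quotes(esc));
}
```

A count other than 2 on the raw line means the value no longer parses as one string token, which is the condition the patch has to rule out.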

Fix · RCE

Related Identifiers: CVE-2026-42511

Affected Products: Freebsd