CVE-2026-45158

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OPNsense versions prior to 26.1.8

Description Unsanitized user input is passed to the DHCP configuration of the configured interface and subsequently processed by a shell script. This allows remote code execution as root on the underlying operating system.

Recommendations Update to version 26.1.8.

Fix

RCE

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88

Related Identifiers

CVE-2026-45158

Affected Products

Opnsense

CVE-2026-45158

Weakness Enumeration

Related Identifiers

Affected Products

References · 8