PT-2026-7946 · Deciso · Opnsense

Alex Williams · Published 2026-02-12 · Updated 2026-02-20 · CVE-2026-2035

CVSS v3.1: 6.8 (Medium)

Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Deciso OPNsense (affected versions not specified)

Description: A flaw exists in the handling of backup configuration files within Deciso OPNsense. The issue stems from insufficient validation of user-provided input before it is used in a system call, potentially allowing network-adjacent attackers to execute arbitrary code. Successful exploitation requires authentication and results in code execution with root privileges. The vulnerable file is diag_backup.php. The vulnerability was identified as ZDI-CAN-28131.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-2035
ZDI-26-078

Affected Products

Opnsense