Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.1
CVE-2026-44193: OPNsense Firewall Allows Remote Attackers to Run Malicious Code
CVE-2026-44193
Summary
A security issue in older versions of OPNsense's firewall and routing platform allows attackers to run malicious code on the system. This is a serious risk because it could be used to take control of the system or disrupt its operation. To fix this, update to version 26.1.7 or later.
Original title
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution....
Original description
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. This vulnerability is fixed in 26.1.7.
nvd CVSS3.1
9.1
Vulnerability type
CWE-88
Published: 13 May 2026 · Updated: 28 May 2026 · First seen: 13 May 2026