Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-45158: OPNsense Firewall Allows Remote Code Execution as Root

CVE-2026-45158

Summary

If you're using an OPNsense firewall version prior to 26.1.8, an attacker could potentially execute malicious code on your system. This is a serious issue because it could give an attacker complete control over your system. To fix this, update your OPNsense firewall to version 26.1.8 or later.

Original title

Original description

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system. This vulnerability is fixed in 26.1.8.

nvd CVSS3.1 9.1

Vulnerability type

CWE-88

https://github.com/opnsense/core/security/advisories/GHSA-5rx3-w735-74wm

Published: 13 May 2026 · Updated: 28 May 2026 · First seen: 13 May 2026