CVE 9.1 CRITICAL

OPNsense: Command Injection via Attacker-Controlled DHCP Config_CVE-2026-45158

May 13, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system. This vulnerability is fixed in 26.1.8.

AI Analysis

Unsanitized user input allows remote code execution as root via DHCP configuration

Basic Information

ID CVE-2026-45158

Source GitHub_M

Published May 13, 2026 at 21:54

Affected Product

Vendor opnsense

Product core

Version < 26.1.8

Affected Versions opnsense core < 26.1.8

CWE Classification

CWE-88

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Deciso

Product OPNsense

Version < 26.1.8

References

github.com /opnsense/core/security/advisories/GHSA-5rx3-w735-74wm

{
    "lastseen": "",
    "description": "OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system. This vulnerability is fixed in 26.1.8.",
    "published": "2026-05-13T21:54:31.679Z",
    "modified": "2026-05-13T21:54:31.679Z",
    "type": "cve",
    "title": "OPNsense: Command Injection via Attacker-Controlled DHCP Config",
    "source": "GitHub_M",
    "references": "https://github.com/opnsense/core/security/advisories/GHSA-5rx3-w735-74wm",
    "id": "CVE-2026-45158",
    "bulletinFamily": "",
    "cwe": [
        "CWE-88"
    ],
    "cvelist": null,
    "sourceData": "opnsense core < 26.1.8",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "core",
    "version": "< 26.1.8",
    "vendor": "opnsense",
    "ai_description": "Unsanitized user input allows remote code execution as root via DHCP configuration",
    "ai_severity": "Critical",
    "ai_vendor": "Deciso",
    "ai_product": "OPNsense",
    "ai_version": "< 26.1.8",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply