cbcvebase.

Opnsense Core vulnerabilities

6 known vulnerabilities affecting opnsense/core.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2026-44194P2CRITICALCVSS 9.1fixed in 26.1.82026-05-13
CVE-2026-44194 [CRITICAL] CWE-78 CVE-2026-44194: OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatting their malicious payload as a compliant email addr
nvd
CVE-2026-45158P2CRITICALCVSS 9.1fixed in 26.1.82026-05-13
CVE-2026-45158 [CRITICAL] CWE-88 CVE-2026-45158: OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input i OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system. This vulnerability is fixed in 26.1.8.
nvd
CVE-2026-44193P3CRITICALCVSS 9.1fixed in 26.1.72026-05-13
CVE-2026-44193 [CRITICAL] CWE-88 CVE-2026-44193: OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsen OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. This vulnerability is fixed in 26.1.7.
nvd
CVE-2026-34578P3HIGHCVSS 8.2fixed in 26.1.62026-04-09
CVE-2026-34578 [HIGH] CWE-90 CVE-2026-34578: OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authenti OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldap_escape(). An unauthenticated attacker can inject LDAP filter metacharacters into the username field of the WebGUI login page to enumerate valid LDAP usern
nvd
CVE-2026-30868P3HIGHCVSS 8.1fixed in 26.1.42026-03-11
CVE-2026-30868 [HIGH] CWE-352 CVE-2026-30868: OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC AP OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform state‑changing operations but are accessible via HTTP GET requests without CSRF protection. The framework CSRF validation in ApiControllerBase only applies to POST/PUT/DELETE methods, allowing authenticated GET requests to bypass CSR
nvd
CVE-2026-44195P3MEDIUMCVSS 6.5fixed in 26.1.72026-05-13
CVE-2026-44195 [MEDIUM] CWE-307 CVE-2026-44195: OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNs OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword ("Accepted" or "Successful login") between normal br
nvd
Opnsense Core vulnerabilities | cvebase