Opnsense Core
6 CVEs affecting Opnsense Core. Latest disclosed: 2026-05-13. Critical: 3, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-45158 | Critical | 9.1 | 2026-05-13 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interf… |
CVE-2026-44194 | Critical | 9.1 | 2026-05-13 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core all… |
CVE-2026-44193 | Critical | 9.1 | 2026-05-13 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied i… |
CVE-2026-34578 | High | 8.2 | 2026-04-09 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an… |
CVE-2026-30868 | Medium | 6.3 | 2026-03-11 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform state‑changing operations but are acces… |
CVE-2026-44195 | Medium | 5.3 | 2026-05-13 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to… |