CVE-2026-44193: RCE in OPNsense Firewall
Platform
linux
Component
opnsense
Fixed in
26.1.7
CVE-2026-44193 describes a Remote Code Execution (RCE) vulnerability discovered in OPNsense, a FreeBSD-based firewall and routing platform. This flaw allows attackers to execute arbitrary code on vulnerable systems by exploiting insufficient input sanitization within the XMLRPC opnsense.restore_config_section method. The vulnerability impacts OPNsense versions 26.1.0 through 26.1.6 and is resolved in version 26.1.7.
Impact and Attack Scenarios
Successful exploitation of CVE-2026-44193 grants an attacker complete control over the affected OPNsense firewall. This includes the ability to modify firewall rules, steal sensitive data (passwords, configuration files, VPN credentials), install malware, and pivot to other systems on the network. Given that OPNsense often sits at the network perimeter, a compromised firewall could serve as a launchpad for broader attacks, potentially impacting all internal resources. The ability to restore configuration sections via XMLRPC, combined with the lack of sanitization, creates a highly exploitable attack vector.
Exploitation Context
CVE-2026-44193 was published on May 13, 2026. Its CRITICAL CVSS score reflects the ease of exploitation and the potential for significant impact. Public proof-of-concept (POC) code is likely to emerge, increasing the risk of widespread exploitation. The vulnerability's impact on network perimeter security warrants immediate attention and remediation. No active campaigns or KEV/EPSS scores were available at the time of publication.
Threat Analysis
Exploit Status
CVSS Vector
What do these metrics mean?
- Attack Vector: Network. Remotely exploitable over the Internet. No physical or local access required.
- Attack Complexity: Low. No special conditions required. Reliably exploitable.
- Privileges Required: High. An administrator or privileged account is required.
- User Interaction: None. The attack is automatic and silent. The victim does nothing.
- Scope: Changed. The attack can spread beyond the vulnerable component to other systems.
- Confidentiality: High. Complete loss of confidentiality. The attacker can read all data.
- Integrity: High. The attacker can write, modify, or delete arbitrary data.
- Availability: High. Complete crash or resource exhaustion. Total denial of service.
Affected Software
Vulnerability Classification (CWE)
Timeline
- Reserved
- Published
Mitigation and Workarounds
The primary mitigation for CVE-2026-44193 is to immediately upgrade OPNsense to version 26.1.7 or later. If upgrading is not immediately feasible, consider temporarily disabling the XMLRPC interface to prevent exploitation. While not a complete solution, this reduces the attack surface. Review firewall rules and network configurations for any unusual activity that might indicate prior compromise. After upgrading, verify the integrity of the system by checking the OPNsense version using opnsense-version and confirming that the XMLRPC interface is functioning as expected.
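An added example (not from the OPNsense project or its advisory) of the version check described above: it classifies a version string, such as the one printed by opnsense-version, against the affected range stated on this page. The function names, the status labels, the inventory line format, and the treatment of a bare "26.1" as 26.1.0 are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify an OPNsense version string against the range this
# page gives for CVE-2026-44193 (affected 26.1.0 through 26.1.6, fixed 26.1.7).

# Print "major minor patch" for strings such as "26.1.6", "26.1.6_2" or
# "OPNsense 26.1.6_2 (amd64)". Prints nothing if no version is recognised.
parse_version() {
    printf '%s\n' "$1" | sed -n -E \
        's/^([^0-9]*[[:space:]])?([0-9]+)\.([0-9]+)(\.([0-9]+))?([_ ].*)?$/\2 \3 \5/p'
}

# Print one of: affected, fixed, not-listed, unknown.
cve_2026_44193_status() {
    set -- $(parse_version "$1")
    [ $# -ge 2 ] || { echo unknown; return 0; }
    major=$1 minor=$2 patch=${3:-0}   # assumption: bare "26.1" means 26.1.0
    if [ "$major" -ne 26 ] || [ "$minor" -ne 1 ]; then
        echo not-listed               # the page only covers the 26.1 series
    elif [ "$patch" -le 6 ]; then
        echo affected
    else
        echo fixed
    fi
}

# Triage an inventory read from stdin, one "name version..." pair per line
# (constructed format for this example).
triage_inventory() {
    while read -r host version; do
        [ -n "$host" ] || continue
        printf '%s %s\n' "$host" "$(cve_2026_44193_status "$version")"
    done
}

# On the firewall itself, report the local status. The output format of
# opnsense-version is assumed to contain the dotted version number.
if command -v opnsense-version >/dev/null 2>&1; then
    cve_2026_44193_status "$(opnsense-version)"
fi
```

A hotfix suffix such as `_2` does not change the result: only the third version component is compared against the 26.1.7 fix level.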
How to fix
Upgrade OPNsense to version 26.1.7 or later to mitigate the remote code execution (RCE) vulnerability in the opnsense.restore_config_section method. This update corrects the missing sanitization of user input, preventing the execution of malicious code through the XMLRPC endpoint. See the official OPNsense documentation for detailed instructions on how to update your system.
Frequently Asked Questions
What is CVE-2026-44193 — RCE in OPNsense?
CVE-2026-44193 is a critical Remote Code Execution vulnerability in OPNsense firewalls affecting versions 26.1.0 through 26.1.6. It allows attackers to execute arbitrary code via an XMLRPC interface due to insufficient input sanitization.
Am I affected by CVE-2026-44193 in OPNsense?
If you are running OPNsense version 26.1.0, 26.1.1, 26.1.2, 26.1.3, 26.1.4, 26.1.5, or 26.1.6, you are potentially affected by this vulnerability.
How do I fix CVE-2026-44193 in OPNsense?
Upgrade OPNsense to version 26.1.7 or later to resolve this vulnerability. As a temporary workaround, disable the XMLRPC interface if upgrading is not immediately possible.
Is CVE-2026-44193 being actively exploited?
While no active campaigns have been publicly reported, the vulnerability's severity and ease of exploitation suggest it is likely to be targeted. Prompt remediation is crucial.
Where can I find the official OPNsense advisory for CVE-2026-44193?
Refer to the official OPNsense security advisory for detailed information and updates: [https://opnsense.org/security/advisories/](https://opnsense.org/security/advisories/)