CVE-2026-45158: Command Injection in OPNsense Firewall
Platform: linux
Component: opnsense
Fixed in: 26.1.8
CVE-2026-45158 is a Command Injection vulnerability affecting OPNsense Firewall versions 26.1.0 through 26.1.7. This flaw allows an attacker to inject malicious commands into the DHCP configuration, which are then executed with root privileges. Successful exploitation can lead to complete system takeover and data exfiltration. The vulnerability has been patched in version 26.1.8.
Impact and Attack Scenarios
The impact of CVE-2026-45158 is severe. An attacker exploiting this vulnerability can gain root access to the OPNsense firewall, effectively controlling the entire system. This allows them to modify firewall rules, steal sensitive data (passwords, configuration files, VPN credentials), install malware, and pivot to other systems on the network. The ability to execute commands as root grants the attacker unrestricted access, making this a high-impact vulnerability. A successful attack could disrupt network services, compromise internal resources, and lead to significant data breaches. The root access also enables persistence, allowing the attacker to maintain control even after the initial exploit.
Exploitation Context
CVE-2026-45158 was published on 2026-05-13. Its CRITICAL CVSS score indicates a high probability of exploitation. No public exploits or active campaigns have been reported as of this writing, but the ease of exploitation and the potential impact make it a high-priority vulnerability. Monitor security advisories and threat intelligence feeds for any indications of exploitation attempts. This vulnerability does not appear on the CISA Known Exploited Vulnerabilities (KEV) catalog at this time.
Threat Intelligence
CVSS Vector
What do these metrics mean?
- Attack Vector: Network. Remotely exploitable over the internet. No physical or local access required. Widest attack surface.
- Attack Complexity: Low. No special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
- Privileges Required: High. Admin or privileged account required to exploit.
- User Interaction: None. Attack is automatic and silent. Victim does nothing: no click, no file open.
- Scope: Changed. Successful attack can pivot beyond the vulnerable component to other systems or the host OS.
- Confidentiality: High. Complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
- Integrity: High. Attacker can write, modify, or delete any data: databases, config files, or code.
- Availability: High. Complete crash or resource exhaustion. Full denial of service.
Mitigation and Workarounds
The primary mitigation for CVE-2026-45158 is to immediately upgrade OPNsense Firewall to version 26.1.8 or later. If upgrading is not immediately feasible, consider temporarily disabling DHCP configuration on the affected interfaces to prevent new malicious configurations from being applied. As a temporary workaround, implement strict input validation on DHCP configuration fields using a Web Application Firewall (WAF) or proxy to filter out potentially malicious characters. Monitor system logs for unusual command execution patterns, specifically those related to DHCP configuration changes. After upgrading, confirm the fix by attempting to inject a simple command through the DHCP configuration interface and verifying that it is not executed.
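As an added example (not OPNsense code and not part of the advisory), the following defensive audit combines two checks from the paragraph above: whether a reported version falls in the affected range, and whether any DHCP-related value in an exported configuration XML contains shell metacharacters. The XML layout, the element names `option_a`/`option_b`, and the metacharacter list are assumptions made for illustration; the advisory does not name the vulnerable field.

```python
import re
import xml.etree.ElementTree as ET

AFFECTED_MIN, FIXED_IN = (26, 1, 0), (26, 1, 8)  # range stated in the advisory
# Heuristic metacharacter set (assumption; the advisory lists none).
SHELL_META = re.compile(r"[;&|`<>\n\r]|\$\(|\$\{")

# Constructed sample export; element names are hypothetical.
SAMPLE_CONFIG = """<opnsense>
  <system><description>uplink a | b</description></system>
  <dhcpd>
    <lan>
      <option_a>lan.example</option_a>
      <option_b>lan.example; echo constructed-marker</option_b>
    </lan>
  </dhcpd>
</opnsense>"""

def parse_version(text):
    """'26.1.7_2' -> (26, 1, 7); a package revision suffix is ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("_")[0])][:3]
    return tuple(nums) + (0,) * (3 - len(nums))

def is_affected(version_text):
    """True when the version is at least 26.1.0 and below the fixed 26.1.8."""
    return AFFECTED_MIN <= parse_version(version_text) < FIXED_IN

def audit_dhcp_values(config_xml):
    """Return (path, value) for DHCP-scoped leaf values with shell metacharacters."""
    findings = []

    def walk(node, path, in_dhcp):
        here = f"{path}/{node.tag}"
        # Everything below an element whose tag mentions "dhcp" is in scope.
        in_dhcp = in_dhcp or "dhcp" in node.tag.lower()
        text = (node.text or "").strip()
        if in_dhcp and len(node) == 0 and text and SHELL_META.search(text):
            findings.append((here, text))
        for child in node:
            walk(child, here, in_dhcp)

    walk(ET.fromstring(config_xml), "", False)
    return findings

if __name__ == "__main__":
    print("26.1.7 affected:", is_affected("26.1.7"))
    for path, value in audit_dhcp_values(SAMPLE_CONFIG):
        print(f"review {path}: {value!r}")
```

A finding is a prompt for manual review of that setting, not proof of compromise; an empty result does not replace the upgrade to 26.1.8.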
How to fix
Upgrade your OPNsense installation to version 26.1.8 or later to mitigate this vulnerability. The update corrects the missing sanitization of user input in the DHCP configuration, preventing remote code execution.
Frequently asked questions
What is CVE-2026-45158 — Command Injection in OPNsense Firewall?
CVE-2026-45158 is a critical vulnerability in OPNsense Firewall versions 26.1.0 through 26.1.7 that allows an attacker to inject and execute arbitrary commands with root privileges, potentially leading to full system compromise.
Am I affected by CVE-2026-45158 in OPNsense Firewall?
You are affected if you are running OPNsense Firewall versions 26.1.0 through 26.1.7. Upgrade to version 26.1.8 or later to mitigate this vulnerability.
How do I fix CVE-2026-45158 in OPNsense Firewall?
The recommended fix is to upgrade OPNsense Firewall to version 26.1.8 or later. As a temporary workaround, disable DHCP configuration or implement WAF rules to filter malicious input.
Is CVE-2026-45158 being actively exploited?
While no public exploits or active campaigns have been reported, the high severity and ease of exploitation suggest a potential for exploitation. Continuous monitoring is advised.
Where can I find the official OPNsense advisory for CVE-2026-45158?
Refer to the official OPNsense security advisory for CVE-2026-45158 on the OPNsense website: [https://opnsense.org/security/advisories/](https://opnsense.org/security/advisories/)