opnsense

Top products

The 15 most recently published vulnerabilities affecting opnsense.

• CVE-2026-45158OPNsense: Command Injection via Attacker-Controlled DHCP Config9.1May 13, 2026
• CVE-2026-44194OPNsense: RCE on user managment9.1May 13, 2026
• CVE-2026-44195OPNsense: Authentication lockout bypass5.3May 13, 2026
• CVE-2026-44193OPNsense: RCE via XMLRPC endpoint using `opnsense.restore_config_section` method9.1May 13, 2026
• CVE-2026-34578OPNsense has an LDAP Injection via Unsanitized Username in Authentication8.2Apr 9, 2026
• CVE-2026-30868Cross-Site Request Forgery (CSRF) in opnsense/core6.3Mar 11, 2026
• CVE-2019-25377OPNsense 19.1 Reflected XSS via system_advanced_sysctl.php5.4Feb 15, 2026
• CVE-2019-25376OPNsense 19.1 Reflected XSS via proxy endpoint6.1Feb 15, 2026
• CVE-2019-25375OPNsense 19.1 Reflected XSS via monit interface6.1Feb 15, 2026
• CVE-2019-25374OPNsense 19.1 Reflected XSS via vpn_ipsec_settings.php6.1Feb 15, 2026
• CVE-2019-25373OPNsense 19.1 Stored XSS via firewall_rules_edit.php6.4Feb 15, 2026
• CVE-2019-25372OPNsense 19.1 Reflected XSS via diag_traceroute.php6.1Feb 15, 2026
• CVE-2019-25371OPNsense 19.1 Reflected XSS via diag_ping.php6.1Feb 15, 2026
• CVE-2019-25370OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php6.1Feb 15, 2026
• CVE-2019-25369OPNsense 19.1 Stored XSS via system_advanced_sysctl.php6.4Feb 15, 2026