Known Vulnerabilities for products from Opnsense
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Opnsense".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34578 json | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes t... | Not Provided | 2026-04-09 | 2026-04-14 |
| CVE-2023-44276 json | OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard. | 5.4 - MEDIUM | 2023-09-28 | 2023-10-02 |
| CVE-2023-44275 json | OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard. | 5.4 - MEDIUM | 2023-09-28 | 2023-10-02 |
| CVE-2023-39008 json | A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and B... | 9.8 - CRITICAL | 2023-08-09 | 2023-10-10 |
| CVE-2023-39007 json | /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows ... | 9.6 - CRITICAL | 2023-08-09 | 2023-10-10 |
| CVE-2023-39006 json | The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.... | 5.4 - MEDIUM | 2023-08-09 | 2023-10-10 |
| CVE-2023-39005 json | Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. | 7.5 - HIGH | 2023-08-09 | 2023-10-10 |
| CVE-2023-39004 json | Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition b... | 9.8 - CRITICAL | 2023-08-09 | 2023-10-10 |
| CVE-2023-39003 json | OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in t... | 7.5 - HIGH | 2023-08-09 | 2023-10-10 |
| CVE-2023-39002 json | A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition befor... | 6.1 - MEDIUM | 2023-08-09 | 2023-10-10 |
| CVE-2023-39001 json | A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edi... | 9.8 - CRITICAL | 2023-08-09 | 2023-10-10 |
| CVE-2023-39000 json | A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition... | 6.1 - MEDIUM | 2023-08-09 | 2023-10-10 |
| CVE-2023-38999 json | A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Busin... | 6.5 - MEDIUM | 2023-08-09 | 2023-10-10 |
| CVE-2023-38998 json | An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attack... | 6.1 - MEDIUM | 2023-08-09 | 2023-10-10 |
| CVE-2023-38997 json | A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Ed... | 9.8 - CRITICAL | 2023-08-09 | 2023-10-10 |
| CVE-2023-27152 json | DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to by... | 9.8 - CRITICAL | 2023-10-23 | 2023-10-31 |
| CVE-2021-42770 json | A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the auth... | 6.1 - MEDIUM | 2021-11-08 | 2022-07-28 |
| CVE-2020-23015 json | An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered... | 6.1 - MEDIUM | 2021-05-03 | 2021-05-11 |
| CVE-2019-11816 json | Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authentica... | 7.2 - HIGH | 2019-05-20 | 2020-08-24 |
| CVE-2018-18958 json | OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. | 6.5 - MEDIUM | 2019-06-17 | 2019-06-19 |
Known software with vulnerabilities from Opnsense
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Opnsense | Opnsense | 15.1 |