Known Vulnerabilities for products from Opnsense
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Opnsense".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45158 json | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP conf... | Not Provided | 2026-05-13 | 2026-05-15 |
| CVE-2026-44195 json | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allo... | Not Provided | 2026-05-13 | 2026-05-15 |
| CVE-2026-44194 json | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vuln... | Not Provided | 2026-05-13 | 2026-05-15 |
| CVE-2026-44193 json | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section... | Not Provided | 2026-05-13 | 2026-05-15 |
| CVE-2026-34578 json | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes t... | Not Provided | 2026-04-09 | 2026-04-14 |
| CVE-2023-44276 json | OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard. | 5.4 - MEDIUM | 2023-09-28 | 2023-10-02 |
| CVE-2023-44275 json | OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard. | 5.4 - MEDIUM | 2023-09-28 | 2023-10-02 |
| CVE-2023-39008 json | A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and B... | 9.8 - CRITICAL | 2023-08-09 | 2023-10-10 |
| CVE-2023-39007 json | /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows ... | 9.6 - CRITICAL | 2023-08-09 | 2023-10-10 |
| CVE-2023-39006 json | The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.... | 5.4 - MEDIUM | 2023-08-09 | 2023-10-10 |
| CVE-2023-39005 json | Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. | 7.5 - HIGH | 2023-08-09 | 2023-10-10 |
| CVE-2023-39004 json | Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition b... | 9.8 - CRITICAL | 2023-08-09 | 2023-10-10 |
| CVE-2023-39003 json | OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in t... | 7.5 - HIGH | 2023-08-09 | 2023-10-10 |
| CVE-2023-39002 json | A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition befor... | 6.1 - MEDIUM | 2023-08-09 | 2023-10-10 |
| CVE-2023-39001 json | A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edi... | 9.8 - CRITICAL | 2023-08-09 | 2023-10-10 |
| CVE-2023-39000 json | A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition... | 6.1 - MEDIUM | 2023-08-09 | 2023-10-10 |
| CVE-2023-38999 json | A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Busin... | 6.5 - MEDIUM | 2023-08-09 | 2023-10-10 |
| CVE-2023-38998 json | An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attack... | 6.1 - MEDIUM | 2023-08-09 | 2023-10-10 |
| CVE-2023-38997 json | A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Ed... | 9.8 - CRITICAL | 2023-08-09 | 2023-10-10 |
| CVE-2023-27152 json | DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to by... | 9.8 - CRITICAL | 2023-10-23 | 2023-10-31 |
Known software with vulnerabilities from Opnsense
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Opnsense | Opnsense | 15.1 |