HeadlinesBriefing.com

OPNsense RCE: Researcher Details CVE-2026-57155 Exploit Chain

Hacker News

A security researcher detailed the discovery of five vulnerabilities in the popular open-source firewall OPNsense, including a critical Remote Code Execution (RCE) flaw rated CVSS 9.9. The researcher spent a dedicated week testing the platform, which aims to democratize network security. Five vulnerabilities were disclosed and have since been patched by the OPNsense team.

Manual taint analysis and extensive use of tools like ripgrep were central to the research. The methodology involved tracing user input through the Phalcon framework and XML configurations. This process uncovered issues like an XPath injection affecting 21 endpoints and three stored XSS vulnerabilities due to improper escaping in various web interface components.

The critical RCE, CVE-2026-57155, stemmed from a flaw in OPNsense's Geo IP alias importer script. The script failed to validate the `country_code` variable, allowing an attacker to craft a malicious CSV file that overwrites arbitrary files on the system, leading to code execution. The researcher successfully chained this with other minor issues.
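The importer flaw described above comes down to a value read from an untrusted file deciding which file on disk gets written. As an added illustration, not OPNsense's code and not the real importer's format (the column names, the one-file-per-country layout and the target directory are assumptions), here is a hardened importer in Python that allowlists `country_code` before it can influence a path, validates the network column, and records rejected rows instead of trusting them:

```python
"""Hardened CSV importer for per-country alias files (added example, not OPNsense code)."""
import csv
import io
import ipaddress
import re
from pathlib import Path

# Constructed sample input; the column names are an assumption, not OPNsense's format.
# Row 3 differs only in case, row 4 carries path separators, row 5 has a bad network.
SAMPLE_CSV = """country_code,network
US,192.0.2.0/24
DE,198.51.100.0/24
us,203.0.113.0/24
XX/../not-a-code,203.0.113.128/25
FR,not-a-network
"""

# ISO 3166-1 alpha-2: exactly two ASCII letters. Anything else (separators,
# dots, NUL bytes, empty strings) is rejected before it can reach a path.
COUNTRY_CODE_RE = re.compile(r"[A-Z]{2}")


class InvalidRecord(ValueError):
    """Raised for any row that must not influence which file gets written."""


def is_valid_country_code(code: str) -> bool:
    """Allowlist check: fullmatch, so no prefix/suffix sneaks past the pattern."""
    return COUNTRY_CODE_RE.fullmatch(code) is not None


def alias_path(base_dir, code: str) -> Path:
    """Map a validated code to a file strictly inside base_dir."""
    if not is_valid_country_code(code):
        raise InvalidRecord(f"country_code {code!r} is not a two-letter code")
    base = Path(base_dir).resolve()
    path = (base / f"{code}.txt").resolve()
    # Defence in depth: even after the allowlist, refuse anything whose
    # resolved parent is not base_dir itself.
    if path.parent != base:
        raise InvalidRecord(f"{path} escapes {base}")
    return path


def parse_geoip_csv(text: str) -> dict:
    """Group networks by validated country code; collect rejected rows instead of trusting them."""
    accepted = {}
    rejected = []
    for row in csv.DictReader(io.StringIO(text)):
        raw_code = (row.get("country_code") or "").strip()
        code = raw_code.upper()  # normalise case, then validate the normalised value
        try:
            if not is_valid_country_code(code):
                raise InvalidRecord("country_code is not a two-letter code")
            # The network column is validated too; strict=False tolerates host bits
            # but still requires a parseable CIDR.
            net = ipaddress.ip_network((row.get("network") or "").strip(), strict=False)
        except ValueError as exc:  # InvalidRecord subclasses ValueError
            rejected.append((raw_code, str(exc)))
            continue
        accepted.setdefault(code, []).append(str(net))
    return {"accepted": accepted, "rejected": rejected}


def write_aliases(parsed: dict, base_dir) -> list:
    """Write one file per accepted code; file names come only from alias_path()."""
    base = Path(base_dir)
    base.mkdir(parents=True, exist_ok=True)
    written = []
    for code, networks in parsed["accepted"].items():
        path = alias_path(base, code)
        path.write_text("\n".join(networks) + "\n")
        written.append(path)
    return written


if __name__ == "__main__":
    result = parse_geoip_csv(SAMPLE_CSV)
    for raw, reason in result["rejected"]:
        print(f"rejected {raw!r}: {reason}")
    for p in write_aliases(result, "/tmp/geoip-alias-example"):  # assumed output directory
        print("wrote", p)
```

The point of the two-layer check is that the allowlist regex is the control that matters, and the resolved-path comparison in `alias_path()` is there to catch a future regression in the regex rather than to do the validation itself. Rejected rows are returned to the caller so an audit log can show exactly which input was dropped and why.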