DEV Community

Cover image for OPNsense Patches Critical Root Vulnerability in GeoIP Alias Importer
BeyondMachines for BeyondMachines

Posted on • Originally published at beyondmachines.net

OPNsense Patches Critical Root Vulnerability in GeoIP Alias Importer

Summary

OPNsense released critical security updates to fix a root remote code execution vulnerability (CVE-2026-57155) in its GeoIP alias importer. The update also patches several other flaws including XPath injection and stored cross-site scripting.

Take Action:

Make sure your OPNsense firewall's management interface is isolated from the internet and reachable only from trusted networks, since even a low-level user with alias-editing rights can exploit this flaw. Update to OPNsense 26.1.11 or 26.4.1p1 ASAP. If you can't update immediately, lock down management access and limit alias-editing permissions to trusted administrators only.


Read the full article on BeyondMachines


This article was originally published on BeyondMachines

Top comments (0)