CVE-2026-42511— Remote code execution via malicious DHCP options
Possible ATT&CK Techniques 1AI
T1068 · Exploitation for Privilege EscalationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42511
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote code execution via malicious DHCP options
Source: NVD (National Vulnerability Database)
Vulnerability Description
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhclient-script(8), which evaluates it. A rogue DHCP server may be able to execute arbirary code as root on a system running dhclient.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
引号语法转义处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
FreeBSD 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
FreeBSD是FreeBSD基金会的一套类Unix操作系统。 FreeBSD存在安全漏洞,该漏洞源于BOOTP文件字段在写入租约文件时未转义嵌入的双引号,允许注入任意dhclient.conf指令,可能导致恶意DHCP服务器在系统上以root权限执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-42511
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42511
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-42511 (1)
Same Patch Batch · FreeBSD · 2026-04-30 · 6 CVEs total
| CVE-2026-7164 | pf can overflow the stack parsing crafted SCTP packets | |
| CVE-2026-7270 | Local privilege escalation via execve() | |
| CVE-2026-42512 | Remotely triggerable out-of-bounds heap write in dhclient | |
| CVE-2026-35547 | Heap overflow in libnv | |
| CVE-2026-39457 | Stack overflow via select() file descriptor set overflow |
IV. Related Vulnerabilities
Same product: FreeBSD
- CVE-2026-45254
Incorrect libcap_net limitation list manipulation - CVE-2026-45255
Remote code execution via installer Wi-Fi access point scans - CVE-2026-39461
select(2) file descriptor set overflow causes stack overflow - CVE-2026-45253
Missing validation in ptrace(PT_SC_REMOTE) - CVE-2026-45252
Heap overflow in FUSE_LISTXATTR
Same vendor: FreeBSD
- CVE-2026-45254
Incorrect libcap_net limitation list manipulation - CVE-2026-45255
Remote code execution via installer Wi-Fi access point scans - CVE-2026-39461
select(2) file descriptor set overflow causes stack overflow - CVE-2026-45253
Missing validation in ptrace(PT_SC_REMOTE) - CVE-2026-45252
Heap overflow in FUSE_LISTXATTR
V. Comments for CVE-2026-42511
No comments yet