Browse all 13 CVE security advisories affecting OPNsense. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OPNsense serves as a firewall and routing platform primarily for network security and traffic management. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from web interface components or authentication flaws. The platform maintains a security-focused design with regular updates and a modular architecture. While no major public incidents have been widely documented, the 13 recorded CVEs highlight potential risks in areas like API endpoints and service configurations. Its open-source nature allows for community scrutiny but also requires diligent patch management to address emerging threats in network security appliances.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34578 | OPNsense has an LDAP Injection via Unsanitized Username in Authentication — coreCWE-90 | 8.2 | High | 2026-04-09 |
| CVE-2026-30868 | Cross-Site Request Forgery (CSRF) in opnsense/core — coreCWE-352 | 6.3 | Medium | 2026-03-11 |
This page lists every published CVE security advisory associated with OPNsense. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.