vulnerability
FreeBSD: VID-9eb2533e-4434-11f1-bb07-bc241121aa0a (CVE-2026-42511): FreeBSD -- Remote code execution via malicious DHCP options
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Apr 30, 2026 | Apr 30, 2026 | Apr 30, 2026 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Apr 30, 2026
Added
Apr 30, 2026
Modified
Apr 30, 2026
Description
Problem Description: The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhclient-script(8), which evaluates it. Impact: A rogue DHCP server may be able to execute arbirary code as root on a system running dhclient.
Solutions
freebsd-upgrade-base-15_0-release-p7freebsd-upgrade-base-14_4-release-p3freebsd-upgrade-base-14_3-release-p12freebsd-upgrade-base-13_5-release-p13
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.