Chasing the OPNsense RCE: The Story Behind My First CVEs

(hackerask.com)

16 points | by HackerAsk a day ago ago

3 comments

  • bill_mcgonigle 21 hours ago ago

    For those wondering this gives full system compromise to an authenticated user with permissions to edit the firewall, AIUI.

    Nasty but I was expecting a remote unauthenticated attack at 9.9. Hopefully you don't allow admin on WAN!

    Thanks for finding the bugs and writing about the design pattern problem, HackerAsk.

  • undefined a day ago ago
    [deleted]
  • pizzalife a day ago ago

    Why did you not mention LLM use in the post at all?

    Are you not using LLMs as part of your toolkit in 2026?