How a Security Researcher Discovered 5 OPNsense Vulnerabilities Including a Critical RCE (CVE-2026-57155)
By
HackerAsk
Summary
A security researcher recounts their week-long deep dive into OPNsense, an open-source FreeBSD-based firewall platform, which resulted in five accepted vulnerabilities including a critical Remote Code Execution flaw (CVE-2026-57155) with a 9.9 CVSS rating. The article details the researcher's methodology, the discovery process, and the technical journey behind achieving their first CVEs during a designated security research week at Hacking Cult.
Source
Key quotes
· 5 pulledI think every security researcher remembers their first CVE.
For me, that milestone did not arrive as a single, low-impact bug.
This milestone was capped off by a critical Remote Code Execution flaw with a 9.9 CVSS rating (CVE-2026-57155).
As a popular open-source FreeBSD-based firewall and routing platform, OPNsense sits at the edge of enterprise and home networks.
The claim of OPNsense is to make digital security accessible to everyone by providing al
You might also wanna read
Critical Gogs RCE bug (CVSS 9.4) remains unpatched; exploit module now public
A critical remote code execution (RCE) vulnerability rated 9.4/10 has been discovered in Gogs, a popular open-source self-hosted Git service

Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)
CVE-2026-13117: Technical Analysis of OpenVPN tls-crypt-v2 Heap Use-After-Free Vulnerability
A detailed technical analysis of CVE-2026-13117, a critical heap use-after-free vulnerability in OpenVPN's tls-crypt-v2 mechanism. The vulne
undercodetesting.com·2d ago
WAF - WAF Release - 2025-05-19
Critical Pre-Auth RCE Vulnerability (CVE-2026-8037) Discovered in Progress Kemp LoadMaster — CVSS 9.8
A critical vulnerability (CVE-2026-8037) has been disclosed in Progress Kemp LoadMaster, a widely used load balancer and Application Deliver
undercodetesting.com·7d ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.