CVE-2026-44193
CriticalPublic PoC
Published: 13 May 2026
Published
13 May 2026
Modified
15 May 2026
KEV Added
—
Patch
—
CVSS Score
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.0033
55.7th percentile
Risk Priority
18
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2026-44193 is a critical-severity Argument Injection (CWE-88) vulnerability in Opnsense Opnsense. Its CVSS base score is 9.1 (Critical).
Operationally, ranked in the top 44.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
NVD Description
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. This vulnerability is fixed in 26.1.7.
Deeper analysisAI
Automated synthesis unavailable for this CVE.
Details
- CWE(s)
Affected Products
opnsense
opnsense
≤ 26.1.7
CVEs Like This One
CVE-2026-45158Same product: Opnsense Opnsense
CVE-2026-30868Same product: Opnsense Opnsense
CVE-2025-50989Same product: Opnsense Opnsense
CVE-2026-44194Same product: Opnsense Opnsense
CVE-2026-34578Same product: Opnsense Opnsense
CVE-2026-25134Shared CWE-88
CVE-2026-22168Shared CWE-88
CVE-2025-0065Shared CWE-88
CVE-2026-1716Shared CWE-88
CVE-2026-42284Shared CWE-88