ID:12797 - Exploit for Path traversal in OPNsense - CVE-2026-58393

 
Main Vulnerability Database Exploits ID:12797 - Exploit for Path traversal in OPNsense - CVE-2026-58393

ID:12797 - Exploit for Path traversal in OPNsense - CVE-2026-58393

Published: July 3, 2026


Vulnerability identifier: #VU136833
Vulnerability risk: Medium
CVE-ID: CVE-2026-58393
CWE-ID: CWE-22
Exploitation vector: Remote access
Vulnerable software:
OPNsense

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in generated CSO files. A remote user can send a specially crafted HTTP request and write arbitrary files on the system.


Remediation

Install updates from vendor's website.