Main
Vulnerability Database
Exploits
ID:12803 - Exploit for Improper Output Neutralization for Logs in OPNsense
ID:12803 - Exploit for Improper Output Neutralization for Logs in OPNsense
Published: July 3, 2026
Vulnerability identifier: #VU136839
Vulnerability risk: Medium
CVE-ID: N/A
CWE-ID: CWE-117
Exploitation vector: Adjecent network
Vulnerable software:
OPNsense
OPNsense
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient neutralization of special characters when writing to logs within login username field. A remote attacker on the local network can bypass brute-force protection and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.