Improper Output Neutralization for Logs in OPNsense - #VU136839
Published: July 3, 2026 / Updated: July 3, 2026
OPNsense
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient neutralization of special characters when writing to logs within login username field. A remote attacker on the local network can bypass brute-force protection and perform a denial of service (DoS) attack.