opnsense core Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of opnsense core's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical4

High1

Medium14

Low0

20 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

None of opnsense core's CVEs are currently listed in CISA's KEV catalog.

Public exploits

31 of opnsense core's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every opnsense core version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

15.133 CVEs
15.1.133 CVEs
15.1.1033 CVEs
15.1.10.233 CVEs
15.1.1133 CVEs
15.1.11.133 CVEs
15.1.11.233 CVEs
15.1.11.333 CVEs
15.1.11.433 CVEs
15.1.1233 CVEs
15.1.233 CVEs
15.1.333 CVEs
15.1.433 CVEs
15.1.533 CVEs
15.1.633 CVEs
15.1.6.133 CVEs
15.1.733 CVEs
15.1.7.133 CVEs
15.1.7.233 CVEs
15.1.833 CVEs
15.1.8.133 CVEs
15.1.8.233 CVEs
15.1.8.333 CVEs
15.1.8.433 CVEs
15.1.933 CVEs
15.1.9.133 CVEs
15.1.9.233 CVEs
15.733 CVEs
16.7.a33 CVEs
16.7.b33 CVEs
18.7.r33 CVEs
16.7.r32 CVEs
17.1.a32 CVEs
17.1.b32 CVEs
17.1.r32 CVEs
17.7.a32 CVEs
17.7.b32 CVEs
17.7.r32 CVEs
18.1.a32 CVEs
18.1.b32 CVEs
18.1.r32 CVEs
18.7.a32 CVEs
18.7.b32 CVEs
19.1.a32 CVEs
19.1.b32 CVEs
19.1.r31 CVEs
15.1.10.125 CVEs
19.7.a21 CVEs
19.7.b21 CVEs
19.7.r21 CVEs
20.1.a21 CVEs
20.1.b21 CVEs
20.1.r21 CVEs
20.7.a20 CVEs
20.7.b20 CVEs
20.7.r20 CVEs
21.1.a20 CVEs
21.1.b20 CVEs
21.1.r20 CVEs
21.7.a20 CVEs
21.7.b20 CVEs
21.7.r20 CVEs
22.1.a19 CVEs
22.1.b19 CVEs
22.1.r19 CVEs
22.7.a19 CVEs
22.7.b19 CVEs
22.7.r19 CVEs
23.1.a19 CVEs
23.1.b19 CVEs
23.1.r19 CVEs
23.7.a18 CVEs
23.7.b18 CVEs
23.7.r6 CVEs
24.1.a6 CVEs
24.1.b4 CVEs
24.1.r4 CVEs
24.7.a4 CVEs
24.7.b4 CVEs
24.7.r4 CVEs
25.1.a4 CVEs
25.1.b4 CVEs
25.1.r4 CVEs
25.7.a3 CVEs
25.7.b3 CVEs
25.7.r3 CVEs
26.1.a3 CVEs
23.72 CVEs
23.7.12 CVEs
23.7.22 CVEs
23.7.32 CVEs
23.7.42 CVEs
23.7.r12 CVEs
23.7.r22 CVEs
23.7.r32 CVEs
16.11 CVE
16.1.11 CVE
16.1.101 CVE
16.1.111 CVE
16.1.121 CVE
16.1.131 CVE
16.1.141 CVE
16.1.151 CVE
16.1.21 CVE
16.1.31 CVE
16.1.41 CVE
16.1.51 CVE
16.1.61 CVE
16.1.71 CVE
16.1.81 CVE
16.1.91 CVE
18.71 CVE
18.7.11 CVE
18.7.21 CVE
18.7.31 CVE
18.7.41 CVE
18.7.51 CVE
18.7.61 CVE
18.7.r11 CVE
18.7.r21 CVE
19.11 CVE
19.1.11 CVE
19.1.21 CVE
19.1.31 CVE
19.1.41 CVE
19.1.51 CVE
19.1.61 CVE
19.1.71 CVE
19.1.r11 CVE
19.1.r21 CVE
20.11 CVE
20.1.11 CVE
20.1.21 CVE
20.1.31 CVE
20.1.41 CVE
20.1.51 CVE
20.1.r11 CVE
21.71 CVE
21.7.11 CVE
21.7.21 CVE
21.7.31 CVE
21.7.r11 CVE
21.7.r21 CVE
25.11 CVE
25.1.11 CVE
25.1.21 CVE
25.1.31 CVE
25.1.41 CVE
25.1.51 CVE
25.1.61 CVE
25.1.71 CVE
25.1.r11 CVE
25.1.r21 CVE
26.11 CVE
26.1.11 CVE
26.1.21 CVE
26.1.31 CVE
26.1.b1 CVE
26.1.r1 CVE
26.1.r11 CVE
26.1.r21 CVE
RELENG_2_2_BETA1 CVE
Root_RELENG_1_21 CVE
v2.4.11 CVE

Fixed in

497e46956ae0251273189a9ea59dc5128af9e1d912 CVEs
484753b2abe3fd0fcdb73d8bf00c3fc3709eb8b72 CVEs
cb15c935137d05c86a1e6cf12af877e9c32a23af2 CVEs
cd8f7fa6f7495542c1eaa3315cc7205dc218566b2 CVEs
e800097d0c287bb665f0751a98a67c75ef7b45e52 CVEs
1c05a19d9d52c7bfa4ac52114935d9fe76d5d1811 CVE
1e712b11a65d80a7d231bab8bc27d3852ee86cae1 CVE
386d89b071 CVE
448762d440b51574f1906c0ec2f5ea6dc4f16eb21 CVE
5d68f43d1f254144831881fc87d885eed120cf3c1 CVE
5edff49db1cd8b5078611e2f542d91c02af2b25c1 CVE

Find a version

39 CVEs

Sort

OPNsense: Command Injection via Attacker-Controlled DHCP Config
CVE-2026-45158
Patch
CWE-88
Critical · CVSS 9.1
EPSS 0.3% (54th pct)2026-05-13
OPNsense: RCE on user managment
CVE-2026-44194
Public exploit
Patch
CWE-78
Critical · CVSS 9.1
EPSS 0.2% (45th pct)2026-05-13
OPNsense: Authentication lockout bypass
CVE-2026-44195
Public exploit
Patch
CWE-307
Medium · CVSS 5.3
EPSS 0.1% (25th pct)2026-05-13
OPNsense: RCE via XMLRPC endpoint using `opnsense.restore_config_section` method
CVE-2026-44193
Public exploit
Patch
CWE-88
Critical · CVSS 9.1
EPSS 0.3% (56th pct)2026-05-13
OPNsense has an LDAP Injection via Unsanitized Username in Authentication
CVE-2026-34578
Public exploit
Patch
CWE-90
High · CVSS 8.2
EPSS 0.3% (49th pct)2026-04-09
Cross-Site Request Forgery (CSRF) in opnsense/core
CVE-2026-30868
Public exploit
Patch
CWE-352
Medium · CVSS 6.3
EPSS 0.0% (7th pct)2026-03-11
Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability
CVE-2026-2035
Patch
CWE-78
Medium · CVSS 6.8
EPSS 0.2% (41th pct)2026-02-20
OPNsense 19.1 Reflected XSS via system_advanced_sysctl.php
CVE-2019-25377
Public exploit
Patch
CWE-79
Medium · CVSS 5.4
EPSS 0.0% (2th pct)2026-02-15
OPNsense 19.1 Reflected XSS via proxy endpoint
CVE-2019-25376
Public exploit
Patch
CWE-79
Medium · CVSS 6.1
EPSS 0.0% (10th pct)2026-02-15
OPNsense 19.1 Reflected XSS via monit interface
CVE-2019-25375
Public exploit
Patch
CWE-79
Medium · CVSS 6.1
EPSS 0.0% (11th pct)2026-02-15
OPNsense 19.1 Reflected XSS via vpn_ipsec_settings.php
CVE-2019-25374
Public exploit
Patch
CWE-79
Medium · CVSS 6.1
EPSS 0.0% (4th pct)2026-02-15
OPNsense 19.1 Stored XSS via firewall_rules_edit.php
CVE-2019-25373
Public exploit
Patch
CWE-79
Medium · CVSS 6.4
EPSS 0.0% (11th pct)2026-02-15
OPNsense 19.1 Reflected XSS via diag_traceroute.php
CVE-2019-25372
Public exploit
Patch
CWE-79
Medium · CVSS 6.1
EPSS 0.1% (18th pct)2026-02-15
OPNsense 19.1 Reflected XSS via diag_ping.php
CVE-2019-25371
Public exploit
Patch
CWE-79
Medium · CVSS 6.1
EPSS 0.1% (18th pct)2026-02-15
OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php
CVE-2019-25370
Public exploit
Patch
CWE-79
Medium · CVSS 6.1
EPSS 0.0% (15th pct)2026-02-15
OPNsense 19.1 Stored XSS via system_advanced_sysctl.php
CVE-2019-25369
Public exploit
Patch
CWE-79
Medium · CVSS 6.4
EPSS 0.0% (11th pct)2026-02-15
OPNsense 19.1 Reflected XSS via diag_backup.php
CVE-2019-25368
Public exploit
Patch
CWE-79
Medium · CVSS 5.4
EPSS 0.0% (6th pct)2026-02-15
Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability
CVE-2025-13698
Patch
CWE-22
Medium · CVSS 4.5
EPSS 0.3% (55th pct)2025-12-23
Critical vulnerability · 2025-08-27
CVE-2025-50989
Public exploit
Patch
CWE-78
Critical · CVSS 9.1
EPSS 1.5% (81th pct)2025-08-27
Vulnerability · 2023-10-23
CVE-2023-27152
Public exploit
Unscored
EPSS 0.1% (32th pct)2023-10-23
Vulnerability · 2023-09-28
CVE-2023-44276
Public exploit
Patch
Unscored
EPSS 0.2% (42th pct)2023-09-28
Vulnerability · 2023-09-28
CVE-2023-44275
Public exploit
Patch
Unscored
EPSS 0.2% (44th pct)2023-09-28
Vulnerability · 2023-08-09
CVE-2023-39008
Public exploit
Patch
Unscored
EPSS 5.2% (90th pct)2023-08-09
Vulnerability · 2023-08-09
CVE-2023-39007
Public exploit
Patch
Unscored
EPSS 54.1% (98th pct)2023-08-09
Vulnerability · 2023-08-09
CVE-2023-39006
Public exploit
Patch
Unscored
EPSS 0.1% (31th pct)2023-08-09
Vulnerability · 2023-08-09
CVE-2023-39005
Public exploit
Patch
Unscored
EPSS 0.6% (68th pct)2023-08-09
Vulnerability · 2023-08-09
CVE-2023-39004
Public exploit
Patch
Unscored
EPSS 0.2% (36th pct)2023-08-09
Vulnerability · 2023-08-09
CVE-2023-39003
Public exploit
Patch
Unscored
EPSS 0.4% (60th pct)2023-08-09
Vulnerability · 2023-08-09
CVE-2023-39002
Public exploit
Patch
Unscored
EPSS 23.6% (96th pct)2023-08-09
Vulnerability · 2023-08-09
CVE-2023-39001
Public exploit
Patch
Unscored
EPSS 5.5% (90th pct)2023-08-09

Showing 30 of 39

Severity and exploitation

opnsense core Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other opnsense products

Frequently asked questions

How many CVEs does opnsense core have?

How many opnsense core CVEs are in CISA KEV?

Are there public exploits for opnsense core vulnerabilities?

Which versions of opnsense core are affected?

What are the most common weakness types in opnsense core CVEs?

How many critical opnsense core vulnerabilities are there?

What is the average severity of opnsense core CVEs?

References

Track opnsense core vulnerabilities