CVE-2026-42511 Breakdown: RCE in FreeBSD
a day ago
- #FreeBSD
- #DHCP Vulnerability
- #Remote Command Execution
- AISLE discovered a remote command execution vulnerability (CVE-2026-42511) in FreeBSD's dhclient. An attacker who can answer DHCP requests on the same local network (a rogue DHCP server) can execute commands as root on the client.
- The flaw dates back to FreeBSD 6.0 (2005), when OpenBSD's dhclient was imported. Attacker-controlled DHCP string fields (e.g., filename and server_name) are written to the lease file without proper sanitization.
- To exploit it, a malicious DHCP server returns option values containing shell metacharacters and commands; dhclient writes them to the lease file as received, and dhclient-script later passes them through eval during DHCP lifecycle events such as lease renewal, at which point the injected commands run as root.
- Any FreeBSD system that obtains its address via DHCP is affected, from servers to laptops and FreeBSD-derived devices such as gaming consoles (e.g., PlayStation, Nintendo Switch). Because the only precondition is a rogue DHCP server on a segment the victim joins, the bug is wormable and trivially weaponizable.
- AISLE's AI-based source code analysis pipeline identified the vulnerability; FreeBSD fixed it in April 2026. OpenBSD's dhclient carried the same code until it was deprecated in 2022.
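The write-then-eval pattern described above, and the input check that closes it, as an added shell illustration. This is not code from FreeBSD's dhclient or dhclient-script; the lease line format, the function names, the `INJECTED` marker and the payload are constructed for the example.

```shell
#!/bin/sh
# Added illustration of the pattern described above; not code from FreeBSD's
# dhclient or dhclient-script. A string option controlled by the DHCP server
# is written into a lease file and later handed to eval. The field name,
# lease line format, function names and payload are constructed.

# Constructed rogue-server value for the "filename" option. The embedded
# double quote closes the string that eval will later see, so the text
# after it is parsed as a separate shell command.
EVIL_FILENAME='boot.img"; INJECTED=1; :"'

# Unsafe lease writer: interpolates the field without checking its contents.
write_lease_unsafe() {
    printf 'filename "%s";\n' "$1"
}

# Safe lease writer: accept only a conservative character allowlist and
# write nothing (returning 1) when the value is empty or contains anything else.
write_lease_safe() {
    case "$1" in
        ''|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    printf 'filename "%s";\n' "$1"
}

# Consumer modelling an eval-based script: strips the lease syntax and
# evals an assignment built from the recovered value. Prints the INJECTED
# flag afterwards so the caller can see whether the payload ran.
consume_lease() {
    value="${1#filename \"}"
    value="${value%\";}"
    INJECTED=0
    eval "filename=\"$value\""
    echo "$INJECTED"
}

# Driver: exercise both writers with the payload and with a benign value.
demo() {
    lease=$(write_lease_unsafe "$EVIL_FILENAME")
    echo "unsafe path, INJECTED=$(consume_lease "$lease")"
    if lease=$(write_lease_safe "$EVIL_FILENAME"); then
        echo "safe path accepted payload (should not happen)"
    else
        echo "safe path rejected payload"
    fi
    lease=$(write_lease_safe "boot/loader.efi")
    echo "benign value, INJECTED=$(consume_lease "$lease")"
}

demo
```

Run it as `sh script.sh`. The unsafe path reports `INJECTED=1` because eval re-parses the attacker's string as shell syntax, while the allowlist writer rejects the payload before it ever reaches the lease file. Checking at write time is the right place for the defence: the lease file outlives the DHCP exchange and is re-read on every renewal, so a value that slips in once keeps firing.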