CVE-2026-45255
HIGHDescription
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by the shell. As a result, a suitably crafted network name can be used to execute commands via a subshell. The problem can be exploited to execute code as root on the system running bsdinstall or bsdconfig. The attacker would need to create an access point with a specially crafted name and be within range of a Wi-Fi scan. Note that bsdinstall and bsdconfig are vulnerable as soon as the user prompts them to scan for nearby networks; they do not need to actually select the malicious network.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
| freebsd | freebsd |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-45255? +
How severe is CVE-2026-45255? +
What products are affected by CVE-2026-45255? +
How do I check if I'm vulnerable to CVE-2026-45255? +
Related Vulnerabilities
Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted …
An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web …
3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context …
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the adm.cgi binary's reboot_time function that …
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated …
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated …