CVE-2026-44195

OPNsense: Authentication lockout bypass

CVSS 5.3 MEDIUMEPSS 0.3%CWE-307

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword ("Accepted" or "Successful login") between normal brute-force attempts, an attacker can prevent the failure counter from ever reaching the lockout threshold. This vulnerability is fixed in 26.1.7.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

opnsense · core

public PoCs found — 1

cve_referencegist.github.com/sopex/b9786e72e2a5d9b1bbd81ed8477c351bunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gist.github.com/sopex/b9786e72e2a5d9b1bbd81ed8477c351b https://github.com/opnsense/core/security/advisories/GHSA-h3vx-4q27-rc42