CVE-2026-44194 | OPNsense up to 26.1.7 sync_user.php os command injection (GHSA-f59w-m967-9rf6)

A vulnerability, which was classified as critical, has been found in OPNsense up to 26.1.7. This issue affects some unknown processing of the file core/src/opnsense/scripts/auth/sync_user.php. This manipulation causes os command injection.

This vulnerability appears as CVE-2026-44194. The attack may be initiated remotely. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More