Chasing the OPNsense RCE: The Story Behind My First CVEs

HackerAsk 16 points 2 comments July 01, 2026
hackerask.com · View on Hacker News

Discussion Highlights (2 comments)

pizzalife

Why did you not mention LLM use in the post at all? Are you not using LLMs as part of your toolkit in 2026?

bill_mcgonigle

For those wondering this gives full system compromise to an authenticated user with permissions to edit the firewall, AIUI. Nasty but I was expecting a remote unauthenticated attack at 9.9. Hopefully you don't allow admin on WAN! Thanks for finding the bugs and writing about the design pattern problem, HackerAsk.

Semantic search powered by Rivestack pgvector
14,015 stories · 131,331 chunks indexed