Chasing the OPNsense RCE: The Story Behind My First CVEs
Summary
HackerAsk shares a detailed write-up of discovering five vulnerabilities in OPNsense, including a high-severity RCE (CVE-2026-57155). The post covers the research process, moderate bugs (XPath injection, stored XSS), the exploit chain through the GeoIP alias importer, and responsible disclosure with patches in version 26.1.11.