FreeBSD DHCP Client Vulnerability Enables Remote Code Execution as Root

Staff Editor 2026-05-05
FreeBSD DHCP Client Vulnerability Enables Remote Code Execution as Root

FreeBSD DHCP Client Vulnerability Enables Remote Code Execution as Root

https://cybersecuritynews.com/freebsd-dhcp-client-vulnerability/

Publish Date: 2026-05-05 04:44:00

Source Domain: cybersecuritynews.com

The FreeBSD Project has released a critical security advisory addressing a severe flaw in its default IPv4 DHCP client.

Tracked as CVE-2026-42511, this vulnerability allows a local network attacker to execute arbitrary code as root, granting them complete control over the compromised machine.

Discovered by Joshua Rogers of the AISLE Research Team, the vulnerability affects all currently supported versions of FreeBSD.

FreeBSD DHCP Client Vulnerability

The core issue resides in how dhclient(8) processes network configuration parameters from DHCP servers.

When a device joins a network, it requests IP configuration data. The DHCP client takes the provided BOOTP file field and writes it to a local DHCP lease file.

However, a critical parsing error occurs during this process: the software fails to escape embedded double-quotes properly.

This oversight allows a malicious actor to inject arbitrary configuration directives directly into the dhclient.conf file.

When the lease file is later re-parsed, such as during a system restart or a network service reload, these attacker-controlled fields are passed to dhclient-script(8).

Because this script evaluates the input with high-level system privileges, the injected commands are executed as root.

To successfully exploit CVE-2026-42511, an attacker must be on the same broadcast domain (local network) as the target.

By deploying a rogue DHCP server, the attacker can intercept and respond to the victim’s DHCP requests with maliciously crafted data packets.

Once triggered, the vulnerability results in total system compromise. An attacker could establish persistent backdoors, deploy ransomware, or pivot deeper into the corporate network.

From a threat intelligence perspective, this aligns with MITRE ATT&CK techniques for Adversary-in-the-Middle (T1557) and Command and Scripting Interpreter (T1059).

The vulnerability is present across all supported FreeBSD releases and stable…

Source

More Stories

DentaQuest Data Breach Analysis: ShinyHunters Leak Exposes PII and PHI of 2.6 Million Members in 2026 – Rescana

DentaQuest Data Breach Analysis: ShinyHunters Leak Exposes PII and PHI of 2.6 Million Members in 2026 – Rescana

Staff Editor 2026-06-07
Automotive Cybersecurity News Q1 2026 – Vehicle Vulnerabilities Double Year-on-Year And Hackers “Brick” Thousands of Cars | Press Releases

Automotive Cybersecurity News Q1 2026 – Vehicle Vulnerabilities Double Year-on-Year And Hackers “Brick” Thousands of Cars | Press Releases

Staff Editor 2026-06-06
Project Glasswing: Key cybersecurity agencies set to get access to Anthropic’s Mythos | Business News

Project Glasswing: Key cybersecurity agencies set to get access to Anthropic’s Mythos | Business News

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy