CVE-2026-45255
Analyzed Analyzed - Analysis Complete
Code Execution via Wi-Fi Network Name in bsdinstall/bsdconfig

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: FreeBSD

Description
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by the shell. As a result, a suitably crafted network name can be used to execute commands via a subshell. The problem can be exploited to execute code as root on the system running bsdinstall or bsdconfig. The attacker would need to create an access point with a specially crafted name and be within range of a Wi-Fi scan. Note that bsdinstall and bsdconfig are vulnerable as soon as the user prompts them to scan for nearby networks; they do not need to actually select the malicious network.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-05-21
Generated
2026-06-10
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-09
NVD
CVE-2026-45255
EUVD
EUVD-2026-31263
Affected Vendors & Products
Showing 29 associated CPEs
Vendor Product Version / Range
freebsd freebsd 15.0
freebsd freebsd 15.0
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 15.0
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 14.3
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.4
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 15.0
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.4
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-45255 is a security vulnerability in FreeBSD's bsdinstall and bsdconfig utilities, which are used for system installation and configuration including Wi-Fi setup.

When these tools scan for nearby Wi-Fi networks, they build a list of network names and use a shell script to prompt the user to select a network. However, the code handling these network names does not properly prevent shell expansion.

As a result, an attacker can create a Wi-Fi access point with a specially crafted name that includes malicious shell commands. When the scan occurs, these commands can be executed in a subshell with root privileges on the system running bsdinstall or bsdconfig.

Importantly, the attacker only needs to be within range of the Wi-Fi scan; the user does not need to select the malicious network for the exploit to succeed.

Impact Analysis

This vulnerability allows an attacker to execute arbitrary code with root privileges on a system running bsdinstall or bsdconfig during a Wi-Fi scan.

The attacker can gain full control over the affected system, potentially leading to unauthorized access, data theft, system compromise, or installation of persistent malware.

Since the exploit occurs during the installation or configuration phase, it can undermine the security of a new or reconfigured system before it is fully secured.

Detection Guidance

This vulnerability occurs when bsdinstall or bsdconfig scan for nearby Wi-Fi networks and process network names without proper shell escaping, allowing command execution via specially crafted network names.

Detection involves checking if the system is running vulnerable versions of FreeBSD and if bsdinstall or bsdconfig have been used to scan Wi-Fi networks recently.

Since the vulnerability is triggered by scanning Wi-Fi networks, monitoring for unusual or suspicious Wi-Fi access point names in the vicinity could help identify potential exploitation attempts.

No specific commands are provided in the available resources to detect exploitation or scan for the vulnerability directly.

Mitigation Strategies

Immediate mitigation steps include upgrading FreeBSD to versions where the issue is fixed: 15.0-RELEASE-p9, 14.4-RELEASE-p5, 14.3-RELEASE-p14, or later stable branches.

Until patched, avoid using bsdinstall or bsdconfig to scan for Wi-Fi networks.

As a workaround, configure Wi-Fi manually without using the scanning feature in these utilities.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45255. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart