CVE-2026-45255
Code Execution via Wi-Fi Network Name in bsdinstall/bsdconfig
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: FreeBSD
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freebsd | freebsd | to 14.3-RELEASE-p14 (exc) |
| freebsd | bsdinstall | * |
| freebsd | bsdconfig | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-45255 is a security vulnerability in FreeBSD's bsdinstall and bsdconfig utilities, which are used for system installation and configuration including Wi-Fi setup.
When these tools scan for nearby Wi-Fi networks, they build a list of network names and use a shell script to prompt the user to select a network. However, the code handling these network names does not properly prevent shell expansion.
As a result, an attacker can create a Wi-Fi access point with a specially crafted name that includes malicious shell commands. When the scan occurs, these commands can be executed in a subshell with root privileges on the system running bsdinstall or bsdconfig.
Importantly, the attacker only needs to be within range of the Wi-Fi scan; the user does not need to select the malicious network for the exploit to succeed.
How can this vulnerability impact me? :
This vulnerability allows an attacker to execute arbitrary code with root privileges on a system running bsdinstall or bsdconfig during a Wi-Fi scan.
The attacker can gain full control over the affected system, potentially leading to unauthorized access, data theft, system compromise, or installation of persistent malware.
Since the exploit occurs during the installation or configuration phase, it can undermine the security of a new or reconfigured system before it is fully secured.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when bsdinstall or bsdconfig scan for nearby Wi-Fi networks and process network names without proper shell escaping, allowing command execution via specially crafted network names.
Detection involves checking if the system is running vulnerable versions of FreeBSD and if bsdinstall or bsdconfig have been used to scan Wi-Fi networks recently.
Since the vulnerability is triggered by scanning Wi-Fi networks, monitoring for unusual or suspicious Wi-Fi access point names in the vicinity could help identify potential exploitation attempts.
No specific commands are provided in the available resources to detect exploitation or scan for the vulnerability directly.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading FreeBSD to versions where the issue is fixed: 15.0-RELEASE-p9, 14.4-RELEASE-p5, 14.3-RELEASE-p14, or later stable branches.
Until patched, avoid using bsdinstall or bsdconfig to scan for Wi-Fi networks.
As a workaround, configure Wi-Fi manually without using the scanning feature in these utilities.