Description

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhclient-script(8), which evaluates it. A rogue DHCP server may be able to execute arbirary code as root on a system running dhclient.

INFO

Published Date :

2026-04-30T06:56:36.929Z

Last Modified :

2026-05-01T15:25:37.800Z

Source :

freebsd
AFFECTED PRODUCTS

The following products are affected by CVE-2026-42511 vulnerability.

Vendors Products
Freebsd
  • Freebsd
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-42511.

URL Resource
https://security.freebsd.org/advisories/FreeBSD-SA-26:12.dhclient.asc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System