
FreeBSD DHCP Client Vulnerability Enables Remote Code Execution as Root – CyberSecurityNews

Editorial Staff
Last updated: May 5, 2026 11:28 pm

The FreeBSD Project has released a critical security advisory addressing a severe flaw in its default IPv4 DHCP client.
Tracked as CVE-2026-42511, this vulnerability allows a local network attacker to execute arbitrary code as root, granting them complete control over the compromised machine.
Discovered by Joshua Rogers of the AISLE Research Team, the vulnerability affects all currently supported versions of FreeBSD.
The core issue resides in how dhclient(8) processes network configuration parameters from DHCP servers.
When a device joins a network, it requests IP configuration data. The DHCP client takes the provided BOOTP file field and writes it to a local DHCP lease file.
However, a critical parsing error occurs during this process: the software fails to escape embedded double-quotes properly.
This oversight allows a malicious actor to inject arbitrary configuration directives directly into the dhclient.conf file.
When the lease file is later re-parsed, such as during a system restart or a network service reload, these attacker-controlled fields are passed to dhclient-script(8).
Because this script evaluates the input with high-level system privileges, the injected commands are executed as root.
To successfully exploit CVE-2026-42511, an attacker must be on the same broadcast domain (local network) as the target.
By deploying a rogue DHCP server, the attacker can intercept and respond to the victim’s DHCP requests with maliciously crafted data packets.
Once triggered, the vulnerability results in total system compromise. An attacker could establish persistent backdoors, deploy ransomware, or pivot deeper into the corporate network.
From a threat intelligence perspective, this aligns with MITRE ATT&CK techniques for Adversary-in-the-Middle (T1557) and Command and Scripting Interpreter (T1059).
The vulnerability is present across all supported FreeBSD releases and stable branches, specifically:
The FreeBSD Project has already rolled out security patches.
System administrators should update their operating systems immediately using one of the following methods, as outlined in the FreeBSD advisory (FreeBSD-SA-26:12.dhclient).
1. Base System Packages:
For systems installed using base packages (amd64/arm64 on FreeBSD 15.0), run:
# pkg upgrade -r FreeBSD-base
2. Binary Distributions:
For other release versions, utilize the update utility:
# freebsd-update fetch
# freebsd-update install
There is no direct software workaround for devices that must run dhclient.
However, network administrators can neutralize this threat by enabling DHCP snooping on enterprise network switches.
DHCP snooping acts as a firewall between untrusted hosts and trusted DHCP servers, effectively blocking rogue DHCP servers from delivering the malicious payload to vulnerable endpoints. Systems not running dhclient(8) are completely unaffected.