THREAT OPS › Threat News › OPNsense XPATH Injection (CVE-2026-53582)
OPNsense XPATH Injection (CVE-2026-53582)
<p>Posted by evan on Jul 06</p>SUMMARY: a stored XPATH injection allows any user with just ca<br /> manager/certificate manager perms to leak any secret key/any value in<br /> config.xml, thus achieving privilege escalation and potentially remote<br /> code execution. this can also likely be chained via csrf and some<br /> clever hiding. see<br /> <a href="https://github.com/opnsense/core/security
Indicators of compromise
- CVE-2026-53582cve
Original source: https://seclists.org/fulldisclosure/2026/Jul/18