External risk intelligence

FreeBSD Installation Tools Vulnerable to Code Execution.

CVE advisorySeverity: HIGH (CVSS 7.5)

CVE-2026-45255

A vulnerability in FreeBSD's installation and configuration tools allows for code execution as root if a user initiates a Wi-Fi scan. An attacker within radio range could exploit this by creating a rogue access point with a specially crafted name, potentially impacting system integrity and data.

1Halo Surface Signal

OS Command Injection

Freebsd

14.314.415.0

External exposure likelihood

Halo Surface Signal score for CVE-2026-45255

The vulnerability requires the user to manually trigger a Wi-Fi scan within administrative tools (bsdinstall or bsdconfig) while in physical or radio range of a malicious access point. It is not reachable via the internet, does not run as a persistent service, and is limited to local system administration contexts.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

The identified vulnerability affects systems using bsdinstall or bsdconfig when they scan for Wi-Fi networks. The flaw lies in how network names are processed, allowing specially crafted names to execute commands. This could enable attackers to run code with administrative privileges on the affected system.

  • bsdinstall and bsdconfig
  • Unsafe processing of network names
  • Unauthorized command execution

Attack Path

How an attacker could exploit the issue

When bsdinstall or bsdconfig scan for Wi-Fi networks, a flaw in handling network names can allow a specially crafted network name to execute commands. This vulnerability can lead to the execution of code with root privileges on the affected system. An attacker needs to be within wireless range and create an access point with a malicious name.

  • System exposed via Wi-Fi scan.
  • Attacker creates malicious access point.
  • Specially crafted network name executes commands.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow attackers to execute commands with root privileges on systems running specific installation or configuration tools. The attack requires the attacker to be in close physical or radio proximity and to set up a malicious Wi-Fi access point with a specially crafted name. Organizations should treat this as a high-risk issue due to the potential for full system compromise.

  • Likely attacker skill level: High
  • Required access or conditions: Local network range
  • Business risk or urgency: High, warrants immediate attention

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability allows for code execution as root if a user prompts a system running specific administrative tools to scan for nearby Wi-Fi networks. An attacker within radio range could create a rogue access point with a specially crafted name to trigger the exploit. This could impact the confidentiality, integrity, and availability of the affected system and any data it processes.

  • Identify systems using vulnerable tools.
  • Restrict Wi-Fi scanning where possible.
  • Apply vendor updates and verify.
  • Monitor for related security events.

Frequently asked questions

What are bsdinstall and bsdconfig in FreeBSD?

bsdinstall and bsdconfig are tools used in FreeBSD for installing and configuring the operating system. They are part of the system's setup process, assisting users with tasks like partitioning disks and setting up network connections, including scanning for Wi-Fi networks.

What type of vulnerability is CVE-2026-45255?

CVE-2026-45255 is a command injection vulnerability (CWE-78). This means that an attacker can trick the software into running unintended commands on the system by providing specially crafted input, in this case, a Wi-Fi network name.

How can an attacker exploit CVE-2026-45255?

An attacker needs to create a Wi-Fi access point with a malicious network name and be within wireless range of a system running vulnerable versions of bsdinstall or bsdconfig. When these tools scan for networks, the crafted name can be interpreted as commands, allowing code execution as root.

Who needs to worry about this CVE-2026-45255 threat?

This vulnerability is classified as internal. It affects systems that are part of a local network where an attacker can be physically or wirelessly present, posing a risk to systems configured or installed using these specific FreeBSD tools.

What is the first step to address CVE-2026-45255 on my FreeBSD system?

The initial step is to identify if your FreeBSD system uses bsdinstall or bsdconfig and is configured to scan for Wi-Fi networks. It is recommended to restrict Wi-Fi scanning if not essential and to apply any available vendor updates once they are released by FreeBSD.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished