{"uuid": "29b22dd6-0aa3-4e33-a70d-cf51ea2e49a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44194", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116571047724307908", "content": "\ud83d\udea8 CVE-2026-44194 (CVSS 9.1): OPNsense core <26.1.8 is vulnerable to OS command injection via sync_user.php. Authenticated users with user-management rights can gain root. Update to 26.1.8 ASAP. https://radar.offseq.com/threat/cve-2026-44194-cwe-78-improper-neutralization-of-s-a7008329 #OffSeq #OPNsense #Vuln #BlueTeam", "creation_timestamp": "2026-05-14T04:30:48.246198Z"}