{"vulnerability": "CVE-2026-57155", "sightings": [{"uuid": "806315ba-6dcd-441f-8a1e-f77fb086ba11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57155", "type": "seen", "source": "https://bsky.app/profile/bestofhn.bsky.social/post/3mpm5rz56h52r", "content": "5 vulnerabilities in OPNsense including full RCE. Covers CVE-2026-57155 and four more issues.\n\nSubmit to upvote on HN\nhttps://news.ycombinator.com/submitlink?u=https%3A%2F%2Fhackerask.com%2Fposts%2Fopnsense%2F&amp;t=Chasing%20the%20OPNsense%20RCE%3A%20The%20Story%20Behind%20My%20First%20CVEs", "creation_timestamp": "2026-07-01T18:34:11.007575Z"}, {"uuid": "5fdc6027-4b07-4046-9acf-40697e115435", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57155", "type": "seen", "source": "https://bsky.app/profile/diesec.bsky.social/post/3mq2h7kpxrk2h", "content": "CVE-2026-57155 (CVSS 9.9): OPNsense GeoIP alias bug lets a low-priv user hit root RCE via path traversal. 5th critical OPNsense CVE since May. Patch to 26.1.11 now.\u00a0\n\n\ud83c\uddec\ud83c\udde7 zurl.co/NbWxp\u00a0\n\ud83c\udde9\ud83c\uddea zurl.co/CFIqE \n\n#CyberSecurity #OPNsense #CVE", "creation_timestamp": "2026-07-07T11:00:05.341608Z"}, {"uuid": "5ac64b2d-5a3b-4c85-abe1-671afebfe35b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57155", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mq7p7dzj4i2d", "content": "OPNsense root RCE flaws are public with PoC code. CVE-2026-57155 (9.9) chains an arbitrary file write to root. Patch 26.1.11 or 26.4.1p1 now.\n\n#OPNsense #RootRCE #RCE #FirewallSecurity #CyberSecurity #Vulnerability #InfoSec #PoC", "creation_timestamp": "2026-07-09T13:06:27.015860Z"}]}