FreeBSD Patches Critical DHCP Client Vulnerability Allowing Root-Level Remote Code Execution
The FreeBSD Project has issued a critical security advisory for CVE-2026-42511, a flaw in its default IPv4 DHCP client, dhclient(8). An attacker on the same local network segment, which in practice means anyone able to answer a DHCP request before the legitimate server does, can use it to execute arbitrary code as root on an affected client and take full control of the system.
The root cause is improper handling of the BOOTP file field in DHCP server responses. When a host requests its network configuration, dhclient copies the server-supplied BOOTP data into its lease file on disk without sufficiently validating it. That field is entirely attacker-controlled and fixed-length (128 bytes in the BOOTP header), so a crafted response can place attacker-chosen content in the lease file, and it is that content which triggers code execution when the lease is processed.
The flaw is a reminder that a DHCP client trusts whatever answers first on the wire, so a "trusted" internal LAN, a conference network or a guest Wi-Fi segment is all the access a rogue DHCP server needs. FreeBSD has released patches that fix the validation, and administrators should update affected systems promptly; until they do, interfaces configured by dhclient on any segment the administrator does not fully control should be treated as exposed (DHCP snooping on the switch limits who can answer, but does not fix the client). After updating, confirm the installed userland matches the fixed version named in the advisory (freebsd-version -u) and restart dhclient or renew the lease so the running process is the patched binary. No active exploitation has been reported at this time.
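To make the attack surface concrete, the following is an added example (not FreeBSD or dhclient code) that parses the fixed BOOTP header of a DHCP reply and audits the two server-controlled text fields, sname and file, the way a client that writes them into a text lease file should. It assumes, as a validation policy for the example, that a legitimate boot file name is NUL-terminated printable ASCII with no quotes, backslashes or line breaks; the sample packets are constructed inline. It does not claim to reproduce the exact byte sequence behind CVE-2026-42511.

```python
"""Parse BOOTP/DHCP replies and flag suspicious 'sname'/'file' fields.

Added example, not FreeBSD or dhclient code. Assumption: the fixed-length
BOOTP text fields must be NUL-terminated printable ASCII path/host names;
anything else is input a client must not copy into a text lease file verbatim.
The sample packets at the bottom are constructed for this example.
"""
import struct

# Offsets of the fixed BOOTP header fields (RFC 951 / RFC 2131).
BOOTP_FIXED_LEN = 236
SNAME_OFFSET, SNAME_LEN = 44, 64
FILE_OFFSET, FILE_LEN = 108, 128
DHCP_MAGIC = b"\x63\x82\x53\x63"
BOOTREPLY = 2

# Bytes a quoted-string lease file cannot take verbatim (assumed policy).
DANGEROUS = set(b'"\\\r\n')


def parse_bootp(pkt: bytes) -> dict:
    """Return the fixed fields of a BOOTP message; raises on short input."""
    if len(pkt) < BOOTP_FIXED_LEN:
        raise ValueError(f"packet too short for BOOTP: {len(pkt)} bytes")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", pkt[:12])
    return {
        "op": op,
        "xid": xid,
        "yiaddr": pkt[16:20],
        "sname": pkt[SNAME_OFFSET:SNAME_OFFSET + SNAME_LEN],
        "file": pkt[FILE_OFFSET:FILE_OFFSET + FILE_LEN],
        "is_dhcp": pkt[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4] == DHCP_MAGIC,
    }


def check_text_field(name: str, raw: bytes) -> list:
    """Validate one fixed-length text field; returns a list of findings."""
    findings = []
    end = raw.find(b"\x00")
    if end < 0:
        findings.append(f"{name}: no NUL terminator in {len(raw)} bytes")
        text = raw
    else:
        text = raw[:end]  # bytes after the terminator are never interpreted
    bad = sorted({b for b in text if b < 0x20 or b > 0x7E or b in DANGEROUS})
    if bad:
        findings.append(f"{name}: unsafe bytes {[hex(b) for b in bad]}")
    return findings


def audit_reply(pkt: bytes) -> dict:
    """Audit a BOOTREPLY; returns the parsed fields plus a 'findings' list."""
    msg = parse_bootp(pkt)
    findings = []
    if msg["op"] != BOOTREPLY:
        findings.append(f"op={msg['op']} is not BOOTREPLY")
    findings += check_text_field("sname", msg["sname"])
    findings += check_text_field("file", msg["file"])
    msg["findings"] = findings
    return msg


def build_reply(file_field: bytes, sname: bytes = b"boot-srv") -> bytes:
    """Construct a minimal DHCP reply carrying the given sname/file (sample input)."""
    if len(file_field) > FILE_LEN or len(sname) > SNAME_LEN:
        raise ValueError("field too long")
    head = struct.pack("!BBBBIHH", BOOTREPLY, 1, 6, 0, 0x1234ABCD, 0, 0)
    addrs = bytes(16)   # ciaddr/yiaddr/siaddr/giaddr, all zero for this sample
    chaddr = bytes(16)
    sname = sname.ljust(SNAME_LEN, b"\x00")
    file_field = file_field.ljust(FILE_LEN, b"\x00")
    # Magic cookie, DHCP message type = OFFER, end option.
    return head + addrs + chaddr + sname + file_field + DHCP_MAGIC + b"\x35\x01\x02\xff"


# Constructed samples: a normal PXE reply and two hostile ones.
BENIGN = build_reply(b"pxelinux.0")
INJECTED = build_reply(b'boot.img"\n# attacker-controlled text\n')
UNTERMINATED = build_reply(b"A" * FILE_LEN)

if __name__ == "__main__":
    for label, pkt in (("benign", BENIGN), ("injected", INJECTED), ("unterminated", UNTERMINATED)):
        print(label, audit_reply(pkt)["findings"] or "ok")
```

The same check can be run over replies captured from a network by passing the UDP payload to audit_reply; a hit on a production segment means something other than the expected server is answering, which is worth investigating whether or not the client is patched.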
Source: https://www.linkedin.com/feed/update/urn:li:activity:7456962127459946496
FreeBSD Project TPRM report: https://www.rankiteo.com/company/freebsd
{
  "id": "fre1777883056",
  "linkid": "freebsd",
  "type": "Vulnerability",
  "date": "5/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Technology/Software',
                        'name': 'FreeBSD Project',
                        'type': 'Open-Source Software Provider'}],
 'attack_vector': 'Local Network',
 'description': 'The FreeBSD Project has issued a critical security advisory (CVE-2026-42511) addressing a severe flaw in its default IPv4 DHCP client, *dhclient(8)*. The vulnerability enables a local network attacker to execute arbitrary code with root privileges, granting full control over affected systems. The issue stems from improper handling of the BOOTP file field in DHCP server responses, allowing malicious actors to craft malicious DHCP responses, triggering code execution during lease processing.',
 'impact': {'operational_impact': 'Potential full system compromise with root-level access',
            'systems_affected': 'All FreeBSD systems using the default IPv4 DHCP client (*dhclient(8)*)'},
 'lessons_learned': 'The flaw underscores the risks of untrusted network environments, even within seemingly secure internal networks.',
 'post_incident_analysis': {'corrective_actions': 'Patches released to address the improper handling of BOOTP data',
                            'root_causes': 'Improper validation of BOOTP file field in DHCP server responses'},
 'recommendations': 'Update affected FreeBSD systems promptly to apply the released patches.',
 'references': [{'source': 'FreeBSD Security Advisory'}],
 'response': {'communication_strategy': 'Security advisory issued',
              'containment_measures': 'Patches released to mitigate the vulnerability',
              'remediation_measures': 'Administrators urged to update affected systems promptly'},
 'title': 'FreeBSD DHCP Client Vulnerability (CVE-2026-42511)',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'Improper handling of BOOTP file field in DHCP server responses (CVE-2026-42511)'}