CVE-2026-45255

FreeBSD · bsdinstall / bsdconfig

A vulnerability in bsdinstall and bsdconfig allows for improper handling of Wi-Fi network names when using bsddialog(1) to prompt users for network selection.

Executive summary

A vulnerability in the FreeBSD bsdinstall and bsdconfig utilities may allow for improper input handling during Wi-Fi network scanning, posing a risk to system integrity.

Vulnerability

The vulnerability exists in how the utilities process lists of discovered Wi-Fi network names before passing them to bsddialog(1). This flaw likely requires an attacker to be in physical or wireless proximity to influence the scan results, potentially leading to command injection or display manipulation.

Business impact

Successful exploitation could allow an attacker to disrupt the installation process or execute arbitrary commands with the privileges of the user running the configuration utility. With a CVSS score of 7.5, this is considered a High-severity issue that could lead to unauthorized system access or complete compromise of the affected machine during the setup phase.

Remediation

Immediate Action: Consult the official FreeBSD security advisories to identify and apply the latest system updates that address this utility-specific flaw.

Proactive Monitoring: Review system logs for unusual activity during the execution of system configuration tools or Wi-Fi setup procedures.

Compensating Controls: Restrict access to system configuration utilities to authorized administrators only and ensure physical security of systems during the initial installation phase.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the severity of this vulnerability, administrators should prioritize patching FreeBSD systems where bsdinstall or bsdconfig are utilized. Follow the vendor’s guidance strictly to ensure that the underlying bsddialog libraries are correctly secured against malicious input.