What is the CVSS score of CVE-2026-42511?

CVE-2026-42511 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of FreeBSD dhclient are affected by CVE-2026-42511?

CVE-2026-42511 is a high-severity remote code execution vulnerability in FreeBSD dhclient that allows unauthenticated attackers on the network to execute arbitrary commands with root privileges by…

FreeBSD dhclient CVE-2026-42511

EUVD-2026-26350 HIGH

Improper Neutralization of Quoting Syntax (CWE-149)

2026-04-30 freebsd

RCE

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

May 01, 2026 - 16:29 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 01, 2026 - 16:22 vuln.today

cvss_changed

CVSS changed

May 01, 2026 - 16:22 NVD

7.3 (HIGH) 8.1 (HIGH)

Analysis Generated

Apr 30, 2026 - 14:22 vuln.today

CVSS changed

Apr 30, 2026 - 14:22 NVD

7.3 (HIGH)

EUVD ID Assigned

Apr 30, 2026 - 07:15 euvd

EUVD-2026-26350

Analysis Generated

Apr 30, 2026 - 07:15 vuln.today

CVE Published

Apr 30, 2026 - 06:56 nvd

HIGH 8.1

DescriptionNVD

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhclient-script(8), which evaluates it.

A rogue DHCP server may be able to execute arbirary code as root on a system running dhclient.

AnalysisAI

Remote code execution as root in FreeBSD dhclient allows malicious DHCP servers to inject arbitrary commands via unsanitized BOOTP file field in DHCP responses. When dhclient writes lease data without escaping embedded double-quotes and later re-parses it (e.g., after system restart), injected dhclient.conf directives execute through dhclient-script. …

RemediationAI

Within 24 hours: Identify all FreeBSD systems using dhclient for DHCP configuration via network discovery or asset management tools; document current dhclient versions. Within 7 days: Implement network segmentation to restrict DHCP server access to trusted infrastructure only; disable DHCP on systems where static IP configuration is feasible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-42511 vulnerability details – vuln.today

Back

FreeBSD dhclient CVE-2026-42511

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code