Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability

Deciso OPNsense contains a code execution vulnerability (CVE-2026-2035) that allows authenticated network-adjacent attackers to execute arbitrary code on affected systems. An attacker with valid credentials can leverage this medium-severity flaw to gain control of the firewall or network appliance. Security teams should prioritize applying patches from Deciso and implement network segmentation to limit access to OPNsense management interfaces until updates are available.