Full Disclosure mailing list archives
OPNsense XPATH Injection (CVE-2026-53582)
From: evan
Date: Fri, 3 Jul 2026 20:56:32 +1000
SUMMARY: a stored XPATH injection allows any user with just ca manager/certificate manager perms to leak any secret key/any value in config.xml, thus achieving privilege escalation and potentially remote code execution. this can also likely be chaine...
