Skip to content
Full Disclosure mailing list archives OPNsense XPATH Injection (CVE-2026-53582) From: evan Date: Fri, 3 Jul 2026 20:56:32 +1000 SUMMARY: a stored XPATH injection allows any user with just ca manager/certificate manager perms to leak any secret key/any value in config.xml, thus achieving privilege escalation and potentially remote code execution. this can also likely be chaine...