CVE-2026-42511 - Vulnerability Analysis
Severity: High
CVSS: 8.1
Last Updated: May 1, 2026
dhclient - Command Injection
Overview
dhclient contains a command injection vulnerability caused by unescaped double quotes in the BOOTP file field, which is written to the lease file. This lets a rogue DHCP server execute arbitrary code as root. Exploitation requires the attacker to control the DHCP server.
Severity & Score
Impact
A rogue DHCP server can execute arbitrary code as root, leading to full system compromise.
Mitigation
Update to the latest version with proper escaping of the BOOTP file field.
Social Media Activity (2 posts)
4/ Three CVEs credited to Joshua Rogers of AISLE Research Team:
― CVE-2026-39457 <https://www.cve.org/CVERecord?id=CVE-2026-39457> FreeBSD-SA-26:16.libnv <https://security.freebsd.org/advisories/FreeBSD-SA-26:16.libnv.asc>
― CVE-2026-42511 <https://www.cve.org/CVERecord?id=CVE-2026-42511> FreeBSD-SA-26:12.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:12.dhclient.asc>
― CVE-2026-42512 <https://www.cve.org/CVERecord?id=CVE-2026-42512> FreeBSD-SA-26:15.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:15.dhclient.asc>
<https://aisle.com/about-us>
Related Resources
Details
- CVE ID: CVE-2026-42511
- Severity: High
- CVSS Score: 8.1
- Type: command_injection
- Status: modified
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-149
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H