PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45255 FreeBSD CVE debrief

CVE-2026-45255 is a command-injection flaw in FreeBSD's bsdinstall and bsdconfig Wi‑Fi scan flow. When these tools build a menu of nearby networks, a shell script handles network names unsafely, allowing a specially crafted SSID to trigger subshell command execution as root. The attacker must be within Wi‑Fi range, and the flaw is exposed as soon as the scan prompt is shown, even if the malicious network is never selected.

Vendor
FreeBSD
Product
Unknown
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-21
Original CVE updated
2026-05-21
Advisory published
2026-05-21
Advisory updated
2026-05-21

Who should care

FreeBSD administrators, operators of systems using bsdinstall or bsdconfig, and anyone who runs installation or configuration workflows near untrusted Wi‑Fi networks should treat this as a priority issue.

Technical summary

The issue is a shell-injection weakness in the Wi‑Fi network selection path used by bsdinstall and bsdconfig. Network names are collected into a list and passed through bsddialog-driven shell logic without sufficient protection against shell expansion, which can let a crafted access point name execute commands via a subshell. NVD lists the weakness as CWE-78 (OS Command Injection), and the advisory description indicates the result can be root-level code execution.
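As an added illustration (not FreeBSD's own bsdinstall or bsdconfig code; the `render_menu` stand-in for bsddialog is an assumption), the POSIX shell snippet below shows the handling the advisory describes as missing: scanned names are carried only as separate argument words so the shell never re-parses them, and a separate check flags names containing shell metacharacters for logging or review.

```shell
#!/bin/sh
# Constructed illustration, not code from FreeBSD's bsdinstall or bsdconfig.
# Scanned SSIDs are attacker-controlled text. If that text is folded into a
# command string and handed back to the shell (eval, unquoted expansion,
# backticks), the shell re-parses it and metacharacters in the name become
# syntax. The safe form below never re-parses: each name travels as one argv
# word via the positional parameters.

# Report whether an SSID carries characters that only matter when a string is
# re-parsed by the shell. Returns 0 (true) for suspicious names. Useful for
# logging or auditing scan results; not a substitute for correct quoting.
ssid_is_suspicious() {
    case "$1" in
        *'$'*|*'`'*|*';'*|*'|'*|*'&'*|*'('*|*')'*|*'<'*|*'>'*|*'\'*|*'"'*|*"'"*)
            return 0 ;;
        *)  return 1 ;;
    esac
}

# Assumed stand-in for the menu tool (bsddialog --menu takes tag/item pairs
# as arguments). It prints "tag|item" per pair so the result can be checked.
render_menu() {
    while [ "$#" -ge 2 ]; do
        printf '%s|%s\n' "$1" "$2"
        shift 2
    done
}

# Read one SSID per line from stdin and build the menu argument list with
# "set --", so each name is passed as an opaque argument, never as shell text.
build_menu_safe() {
    set --
    while IFS= read -r ssid; do
        [ -n "$ssid" ] || continue
        set -- "$@" "$ssid" ""
    done
    render_menu "$@"
}

# Example run over a constructed scan result. Even the hostile-looking second
# name is rendered literally; nothing in it is expanded or executed.
printf '%s\n' 'HomeNet' 'Guest $(true)' | build_menu_safe
```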

Defensive priority

High: the impact is root-level code execution, but exploitation requires proximity to a crafted access point and use of the affected scan prompt.

Recommended defensive actions

  • Apply the vendor fix or update once the FreeBSD advisory or your distribution package notes provide a patched build.
  • Avoid scanning for nearby Wi‑Fi networks from bsdinstall or bsdconfig in untrusted RF environments until patched.
  • Prefer wired or otherwise trusted network setup paths for installation and configuration workflows.
  • Track the FreeBSD security advisory referenced by NVD for any follow-on guidance or affected-release details.

Evidence notes

The supplied CVE description states that bsdinstall and bsdconfig use a shell script to handle Wi‑Fi network names and that insufficient escaping allows shell expansion, enabling command execution via a crafted network name. The NVD record supplied in the corpus references the FreeBSD Security Team advisory FreeBSD-SA-26:23.bsdinstall.asc and lists CWE-78 as the weakness. The corpus does not provide affected version ranges or a CVSS score.

Official resources

Publicly disclosed on 2026-05-21 in the supplied corpus. The NVD entry is marked Received and references the FreeBSD advisory FreeBSD-SA-26:23.bsdinstall.asc.