# OPNsense update fixes critical root vulnerability and other security risks

_Friday, July 10, 2026 at 8:00 AM EDT · Security · Latest · Tier 2 — Notable_

![OPNsense update fixes critical root vulnerability and other security risks — Primary](https://heise.cloudimg.io/bound/1200x1200/q85.png-lossy-85.webp-lossy-85.foil1/_www-heise-de_/imgs/18/5/1/1/2/0/4/4/shutterstock_2649976727-ec63aafde4546be0.jpg)

OPNsense released versions 26.1.11 and 26.4.1(p1) to fix a critical root vulnerability and other security risks. The update addresses CVE-2026-57155, a flaw in the GeoIP alias component that could allow privilege escalation to root under certain conditions. According to explanations by vulnerability discoverer Jonas Ampferl, earlier versions did not sufficiently check the address or content of the database file, potentially allowing remote attackers to download manipulated archives and execute code as root. The vulnerability could be exploited with low access rights, including permission to edit firewall aliases. Users are advised to update their installations. Further details on the fixed vulnerabilities, ranging from moderate to high severity, are available in the advisory overview in the OPNsense GitHub repository. Release notes and update guides are provided for both Community and Business Editions.

## Sources

- [heise.de](https://www.heise.de/en/news/OPNsense-update-fixes-critical-root-vulnerability-and-other-security-risks-11355259.html)

---
Canonical: https://techandbusiness.org/newswire/1zexheHxKDYI99qGZtp5ab
Retrieved: 2026-07-11T02:08:14.705Z
Publisher: Tech & Business (techandbusiness.org)
