Tag
OPNsense versions prior to 26.1.6 are vulnerable to LDAP injection, allowing unauthenticated attackers to enumerate valid LDAP usernames and bypass group membership restrictions via the WebGUI login page.