The CERT-FR has warned of multiple vulnerabilities in Netgate products that allow remote code execution and cross‑site scripting. The flaws, detailed in four Netgate security bulletins dated 1 April 2026, could enable an attacker to run arbitrary code on affected devices or inject malicious code into web interfaces. Systems impacted include pfSense Community Edition 2.8.1 without the latest security patches, earlier CE releases, and pfSense Plus versions earlier than 26.07. Administrators are advised to download and apply the patches published in the Netgate bulletins, which are available on the Netgate website. The vulnerability assessment is managed under the CERT-FR reference CERTFR-2026-AVI-0387 and was first released on 2 April 2026. Users should verify that their devices run the latest CE version 2.8.2 or later, or upgrade to the latest pfSense Plus release.
Summary of content from
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.