| Summary | Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code. |
|---|---|
| Publication Date | May 8, 2026, 4:16 p.m. |
| Registration Date | May 9, 2026, 4:12 a.m. |
| Last Update | May 9, 2026, 1:02 a.m. |