Command Injection Vulnerability in luci-proto-openvpn by OpenWrt
CVE-2026-58000

8.7 HIGH

Key Information:

Vendor: OpenWrt

Status
Vendor
CVE Published: 29 June 2026

What is CVE-2026-58000?

The luci-proto-openvpn package, up to version 0.11.1, is vulnerable to command injection because the generateKey ubus method does not properly handle the cl_meta parameter. An authenticated user with access to OpenVPN configuration can exploit the flaw by placing shell metacharacters in the cl_meta field. The value reaches the vulnerable popen call, so the injected commands execute with root privileges and can compromise the system.
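The flaw class described above, shown as an added C example that is not the luci-proto-openvpn source: a caller-supplied value pasted into a popen command string, next to a hardened form that validates the value and executes the helper with an argument vector. The helper name `keygen-helper`, the `--meta` flag, the function names and the allowlist are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Allowlist check (assumed policy): 1..64 chars from [A-Za-z0-9._-], no
   leading '-'. Every shell metacharacter falls outside this set. */
int meta_is_safe(const char *s) {
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 64 || s[0] == '-') return 0;
    return strspn(s, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                     "0123456789._-") == n;
}

/* Vulnerable pattern (assumed shape): the value is pasted into a string that
   popen() would hand to /bin/sh -c, so the shell parses whatever was sent. */
int build_shell_cmd(char *buf, size_t len, const char *meta) {
    return snprintf(buf, len, "keygen-helper --meta %s", meta);
}

/* Hardened form: validate first, then exec the helper with an argv array so
   no shell ever parses the value. Captures the helper's stdout in `out`.
   Returns the helper's exit status, or -1 on rejection or error. */
int run_helper(const char *helper, const char *meta, char *out, size_t len) {
    int fds[2], status;
    size_t used = 0;
    ssize_t r;
    if (!meta_is_safe(meta) || len == 0 || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                         /* child: stdout -> pipe */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execl(helper, helper, "--meta", meta, (char *)NULL);
        _exit(127);                         /* exec failed */
    }
    close(fds[1]);
    while (used < len - 1 && (r = read(fds[0], out + used, len - 1 - used)) > 0)
        used += (size_t)r;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

Validation and shell-free execution are independent controls: the allowlist rejects the value before any process is created, and the argv-based exec keeps a value that passes from ever being parsed as shell syntax.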

Affected Version(s)

luci 0 <= 0.11.1

luci e4ff45ecbc6ad212951815c8c99b2749fbd7de6b

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

George Chen