CVE-2026-30868
OPNsense/CVE-2026-30868 is a CSRF flaw in the FreeBSD-based firewall platform where multiple MVC API endpoints allow state-changing actions via HTTP GET without CSRF protection. The CSRF validation in ApiControllerBase applies only to POST/PUT/DELETE, enabling an authenticated user to trigger pri...