CVE-2026-27849
🚨 CRITICALDue to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh netw...
Description
Request Expert ReviewDue to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
CVSS Scores
References
Additional Information
- Source
- a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
- State
- Awaiting analysis
Related CVEs
CVE-2026-4111
HIGHA flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path....
CVE-2026-4105
MEDIUMA flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the clas...
CVE-2026-4063
MEDIUMThe Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in th...
CVE-2026-3986
MEDIUMThe Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and includin...
CVE-2026-3910
HIGHInappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a...
CVE-2026-3909
HIGHOut of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTM...
Share CVE-2026-27849
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2026-27849 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!