Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
GL-iNet GL-AR300M16: Uncontrolled Code Execution via Log Function
CVE-2026-26795
Summary
A bug in the GL-iNet GL-AR300M16's log system allows hackers to run unauthorized commands. This could lead to data theft, device compromise, or other malicious actions. Update to the latest version to patch this vulnerability.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| gl-inet | ar300m16_firmware | 4.3.11 | – |
Original title
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arb...
Original description
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
Vulnerability type
CWE-77
Command Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026