Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
GL-iNet GL-AR300M16: SQL injection allows unauthorized access
CVE-2026-26794
Summary
An attacker can inject malicious database commands to access sensitive data. This affects the GL-iNet GL-AR300M16 router's web interface. To fix this, update your router to the latest version or patch the vulnerability as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| gl-inet | ar300m16_firmware | 4.3.11 | – |
Original title
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations vi...
Original description
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026