CVE-2026-26793 is a command injection vulnerability identified in the GL-iNet GL-AR300M16 router firmware version 4.3.11. The vulnerability resides in the set_config function, which improperly handles user-supplied input, allowing attackers to inject arbitrary commands. Command injection vulnerabilities enable attackers to execute shell commands on the underlying operating system, potentially leading to full device compromise. This can allow attackers to manipulate device configurations, intercept or redirect network traffic, deploy malware, or use the device as a foothold for further network intrusion. The vulnerability does not require authentication, meaning an attacker can exploit it remotely without credentials, increasing the attack surface. Although no public exploits or patches are currently available, the risk remains significant due to the nature of the flaw. The GL-iNet GL-AR300M16 is a popular router model used in small office and home networks, often deployed in regions with growing IoT adoption. The lack of a CVSS score necessitates an expert severity assessment based on impact and exploitability factors. Given the potential for complete control over the device and the ease of exploitation, this vulnerability poses a high risk to affected users. Mitigation strategies include applying firmware updates when available, restricting access to device management interfaces, and implementing network segmentation to isolate vulnerable devices.

The primary impact of CVE-2026-26793 is the potential for attackers to gain unauthorized remote command execution on affected GL-iNet GL-AR300M16 routers. This can lead to full compromise of the device, allowing attackers to alter configurations, disrupt network traffic, or use the device as a pivot point for lateral movement within an organization’s network. For organizations, this could result in data breaches, loss of network availability, and exposure of sensitive information. In environments where these routers are used as gateways or VPN endpoints, the compromise could undermine overall network security. The vulnerability’s ease of exploitation without authentication increases the likelihood of attacks, especially in poorly secured or exposed network environments. Although no known exploits are currently reported, the vulnerability’s presence in widely deployed consumer and small business routers means the potential attack surface is significant. The impact extends beyond individual users to organizations relying on these devices for secure connectivity, potentially affecting confidentiality, integrity, and availability of network resources.

1. Monitor GL-iNet’s official channels for firmware updates addressing CVE-2026-26793 and apply patches promptly once available. 2. Until patches are released, restrict remote access to the router’s management interface by limiting access to trusted IP addresses and disabling remote administration features. 3. Implement network segmentation to isolate GL-iNet routers from critical infrastructure and sensitive data environments, reducing lateral movement risk. 4. Employ intrusion detection/prevention systems (IDS/IPS) to monitor for suspicious command injection attempts targeting the set_config function or unusual device behavior. 5. Regularly audit router configurations and logs for signs of compromise or unauthorized changes. 6. Educate users and administrators about the risks of exposing device management interfaces to the internet and encourage strong password policies. 7. Consider replacing affected devices with models that have a stronger security track record if immediate patching is not feasible.