CVE-2026-26795 is a critical command injection vulnerability identified in the GL-iNet GL-AR300M16 router firmware version 4.3.11. The vulnerability resides in the M.get_system_log function, specifically through the module parameter, which does not properly sanitize user input. This allows an attacker to inject arbitrary commands that the system executes with the privileges of the affected service, potentially leading to full device compromise. The vulnerability can be exploited remotely without authentication, making it highly accessible to attackers. While no public exploits have been reported yet, the nature of command injection vulnerabilities typically enables attackers to gain control over the device, manipulate system logs, execute malicious payloads, or pivot into internal networks. The GL-AR300M16 is a compact travel router popular among individual users and small businesses for secure internet access and VPN connectivity. The lack of a CVSS score indicates that the vulnerability is newly disclosed, but the technical details and attack vector suggest a high-risk issue. The absence of official patches or mitigation instructions in the provided data highlights the urgency for affected users to monitor vendor advisories closely. Given the device’s role in network infrastructure, exploitation could compromise network confidentiality, integrity, and availability, potentially leading to data breaches or network disruptions.

The impact of CVE-2026-26795 is significant for organizations and individuals using the GL-iNet GL-AR300M16 router. Successful exploitation allows attackers to execute arbitrary commands remotely without authentication, potentially leading to full device takeover. This can result in unauthorized access to network traffic, interception or manipulation of data, installation of persistent malware, or use of the device as a pivot point for further attacks within internal networks. The compromise of such routers can disrupt network availability and degrade trust in secure communications, especially in environments relying on these devices for VPN or firewall functions. Small businesses and remote workers using these routers are particularly vulnerable due to limited security monitoring. The absence of known exploits in the wild currently reduces immediate risk but does not preclude rapid weaponization once the vulnerability details become widely known. Overall, the vulnerability poses a high risk to confidentiality, integrity, and availability of affected systems.

To mitigate CVE-2026-26795, affected users should first check for and apply any official firmware updates released by GL-iNet addressing this vulnerability. If no patch is available, users should consider disabling or restricting access to the M.get_system_log function or the affected module parameter, if configurable. Network segmentation can limit exposure by isolating the router from critical internal systems. Employing strict firewall rules to restrict management interface access to trusted IP addresses reduces the attack surface. Monitoring network traffic for unusual command execution patterns or unexpected system log queries can help detect exploitation attempts. Users should also consider replacing vulnerable devices with models confirmed to be secure if timely patches are unavailable. Regularly reviewing vendor advisories and subscribing to security bulletins ensures prompt awareness of updates. Finally, implementing multi-factor authentication and strong passwords on device management interfaces, even if not directly preventing this vulnerability, improves overall security posture.