CVE-2026-11406 | GL.iNet MT3000 up to 4.4.5 OpenVPN Client Import Workflow ovpnclient.sh command injection
摘要
A vulnerability identified as <a href="https://vuldb.com/kb/risk">critical</a> has been detected in <a href="https://vuldb.com/product/gl">GL.iNet MT3000 up to 4.4.5</a>. This vulnerability affects unknown code of the file <em>ovpnclient.sh</em> of the component <em>OpenVPN Client Import Workflow</em>. This manipulation causes command injection. This vulnerability is registered as <a href="https://vuldb.com/cve/CVE-2026-11406">CVE-2026-11406</a>. Remote exploitation of the attack is possible. Furthermore, an exploit is available. You should upgrade the affected component. The vendor confirms: "This issue has been addressed by implementing malicious checks on OpenVPN configuration files to prevent command injection attacks carried through malicious configuration files."
标签
- CVE-2026-11406
扩展字段
{
"raw_pub_date": "Fri, 05 Jun 2026 20:31:31 +0200"
}