RCE in Linksys Mr9600

CVE-2026-27849

Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network. This issue affects MR9600: 1.0.4.2…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (21.9th percentile) — read the EPSS interpretation.