What is CVE-2026-32326?

CVE-2026-32326 is a medium-severity vulnerability in Sharp Corporation 5g Mobile Router Sh-u01, classified under Missing Authentication for Critical Function. CVSS score: 5.7/10. Published 2026-03-25.

How severe is CVE-2026-32326?

Medium severity. CVSS v3 base score is 5.7 out of 10.

Auth bypass in Sharp Corporation 5g Mobile Router Sh-u01

CVE-2026-32326

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over.

Vulnerability class: Broken Authentication

EPSS: 0.000 (4.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Sharp Corporation 5g Mobile Router Sh-u01 — versions S4.48.00 and earlier
Sharp Corporation Home 5g Hr01 — versions 38JP_0_490 and earlier
Sharp Corporation Home 5g Hr02 — versions S5.A1.00 and earlier
Sharp Corporation Pocket Wifi 5g A503sh — versions S7.41.00 and earlier
Sharp Corporation Speed Wi-fi 5g X01 — versions 3RJP_2_03I and earlier
Sharp Corporation Wi-fi Station Sh-52a — versions 38JP_2_03J and earlier
Sharp Corporation Wi-fi Station Sh-52b — versions S3.87.15 and earlierr
Sharp Corporation Wi-fi Station Sh-54c — versions S6.64.00 and earlier

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

Frequently asked questions

What is CVE-2026-32326?: CVE-2026-32326 is a medium-severity vulnerability in Sharp Corporation 5g Mobile Router Sh-u01, classified under Missing Authentication for Critical Function. CVSS score: 5.7/10. Published 2026-03-25.
How severe is CVE-2026-32326?: Medium severity. CVSS v3 base score is 5.7 out of 10.