What is CVE-2026-35018?

CVE-2026-35018 is a high-severity vulnerability in Netcomm Wireless Pty Ltd Nf20mesh, classified under OS Command Injection. CVSS score: 8.8/10. Published 2026-06-23.

How severe is CVE-2026-35018?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Netcomm Wireless Pty Ltd Nf20mesh

CVE-2026-35018

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the…

Vulnerability class: Command Injection (OS Command Injection)

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Netcomm Wireless Pty Ltd Nf20mesh — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

disclosure@vulncheck.com (technical-description)
disclosure@vulncheck.com (release-notes, patch)
disclosure@vulncheck.com (product)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-35018?: CVE-2026-35018 is a high-severity vulnerability in Netcomm Wireless Pty Ltd Nf20mesh, classified under OS Command Injection. CVSS score: 8.8/10. Published 2026-06-23.
How severe is CVE-2026-35018?: High severity. CVSS v3 base score is 8.8 out of 10.