What is CVE-2026-5509?

CVE-2026-5509 is a high-severity vulnerability in Tp-link Archer_be450, classified under Improper Input Validation. CVSS score: 7.2/10. Published 2026-05-27.

How severe is CVE-2026-5509?

High severity. CVSS v3 base score is 7.2 out of 10.

RCE in Tp-link Archer_be450

CVE-2026-5509

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating t…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.006 (70.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Tp-link Archer_be450 — versions 1.0
Tp-link Archer_be450_firmware
Tp-link Archer_be7200 — versions 1.0
Tp-link Archer_be7200_firmware
Tp-link Systems Inc. Archer Be450 V1 — versions 0
Tp-link Systems Inc. Archer Be7200 V1 — versions 0

Weakness classification (CWE)

References

f23511db-6c3e-4e32-a477-6aa17d310630 (Product, patch)
f23511db-6c3e-4e32-a477-6aa17d310630 (Product, patch)
f23511db-6c3e-4e32-a477-6aa17d310630 (Product, patch)
f23511db-6c3e-4e32-a477-6aa17d310630 (vendor-advisory, patch, Vendor Advisory)
f23511db-6c3e-4e32-a477-6aa17d310630 (third-party-advisory)

Frequently asked questions

What is CVE-2026-5509?: CVE-2026-5509 is a high-severity vulnerability in Tp-link Archer_be450, classified under Improper Input Validation. CVSS score: 7.2/10. Published 2026-05-27.
How severe is CVE-2026-5509?: High severity. CVSS v3 base score is 7.2 out of 10.