What is CVE-2026-5959?

CVE-2026-5959 is a medium-severity vulnerability in Gl.inet Gl-rm1, classified under Improper Authentication. CVSS score: 6.6/10. Published 2026-04-09.

How severe is CVE-2026-5959?

Medium severity. CVSS v3 base score is 6.6 out of 10.

Auth bypass in Gl.inet Gl-rm1

CVE-2026-5959

A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authen…

Vulnerability class: Broken Authentication

EPSS: 0.001 (35.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.6 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C.

Affected products

Gl.inet Gl-rm1 — versions 1.8.1, 1.8.2
Gl.inet Gl-rm10 — versions 1.8.1, 1.8.2
Gl.inet Gl-rm10rc — versions 1.8.1, 1.8.2
Gl.inet Gl-rm1pe — versions 1.8.1, 1.8.2

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

VDB-356512 | GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication (vdb-entry)
VDB-356512 | CTI Indicators (IOB, IOC) (signature, permissions-required)
Submit #786688 | GL.iNet KVM 1.8.1 Access Authentication Bypass (third-party-advisory)
github.com/gl-inet/CVE-issues/blob/main/KVM/1.8.1/Remote Access Authentication… (related)
dl.gl-inet.com/kvm/ (patch)

Frequently asked questions

What is CVE-2026-5959?: CVE-2026-5959 is a medium-severity vulnerability in Gl.inet Gl-rm1, classified under Improper Authentication. CVSS score: 6.6/10. Published 2026-04-09.
How severe is CVE-2026-5959?: Medium severity. CVSS v3 base score is 6.6 out of 10.