CVE-2026-0406

UNKNOWN 0.0

Insufficient input validation in NETGEAR Nighthawk router XR1000v2

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.

CWE	CWE-20
Vendor	netgear
Product	xr1000v2
Published	Jan 13, 2026
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for netgear xr1000v2

Be the first to know when new unknown vulnerabilities affecting netgear xr1000v2 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

NETGEAR / XR1000v2

0 ≤ 1.1.0.22

References

NVD ↗ CVE.org ↗ EPSS Data ↗

netgear.com: https://www.netgear.com/support/product/xr1000v2 kb.netgear.com: https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory

Credits

o4ncL1