CVE-2026-11851
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection") in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' Security Update for ASUS Router Firmware ' section on the ASUS Security Advisory for more information.
| CWE | CWE-89 |
| Vendor | asus |
| Product | router |
| Published | Jul 15, 2026 |
| Last Updated | Jul 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for asus router
Be the first to know when new unknown vulnerabilities affecting asus router are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
ASUS / Router
ASUSWRT 3.0.0.4_386 series ASUSWRT 3.0.0.4_388 series ASUSWRT 3.0.0.6_102 series