CVE-2026-1723

UNKNOWN 0.0

TOTOLINK X6000R Unauthenticated Command Injection Vulnerability

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.

CWE	CWE-78
Vendor	totolink
Product	x6000r
Published	Jan 30, 2026
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for totolink x6000r

Be the first to know when new unknown vulnerabilities affecting totolink x6000r are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

TOTOLINK / X6000R

0 ≤ V9.4.0cu.1498_B20250826

References

NVD ↗ CVE.org ↗ EPSS Data ↗

totolink.net: https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html github.com: https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2025/PANW-2026-0001/PANW-2026-0001.md