CVE-2026-27847
Missing authentication in Linksys MR9600, Linksys MX4200
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
| CWE | CWE-89 |
| Vendor | linksys |
| Product | mr9600 |
| Published | Feb 25, 2026 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for linksys mr9600
Be the first to know when new critical vulnerabilities affecting linksys mr9600 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Linksys / MR9600
1.0.4.205530
Linksys / MX4200
1.0.13.210200