CVE-2026-27848
Missing neutralization in Linksys MR9600, Linksys MX4200
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
| CWE | CWE-78 |
| Vendor | linksys |
| Product | mr9600 |
| Published | Feb 25, 2026 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for linksys mr9600
Be the first to know when new critical vulnerabilities affecting linksys mr9600 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Linksys / MR9600
1.0.4.205530
Linksys / MX4200
1.0.13.210200