CyberRota
← Ana sayfaya dön

CVE-2026-11448

MEDIUM · CVSS 4.7 EPSS %1.58 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-07T03:16:26.233 · Çekilme zamanı: 2026-06-30T12:12:13.040600+00:00

CyberRota Yorumu

Uzaktan istismar edilebilir olabilir.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri
github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-11448
Severity
MEDIUM
CVSS
4.7
EPSS
%1.58

Orijinal NVD Açıklaması

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to version 4.7 is sufficient to fix this issue. It is recommended to upgrade the affected component. The vendor confirms: "Starting from version 4.7, SDK has added global protection to intercept malicious injection".