CVE-2026-34127EPSS p14.8%

CVE-2026-34127CVE-2026-34127

tp-link / tl-sg108pe_firmware

Description

A stored cross-site scripting (XSS) vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious script into the device configuration, which may be stored and executed in the administrator’s browser when the affected interface is viewed.     Successful exploitation may allow session cookie theft, unauthorized configuration changes, or access to sensitive information exposed through the management interface.

Scoring

CVSS 4.8 ()
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS0.24% probability of exploitation · percentile 14.8% · 2026-06-18T12:00:27Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-34121
CVE
CVE-2026-0652
CVE
CVE-2026-1457
CVE
CVE-2026-3294
CVE
CVE-2025-14756
CVE
CVE-2026-0654
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.