CVE-2026-40621CRITICAL 9.8EPSS p38.3%

CVE-2026-40621CVE-2026-40621

Description

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.

Scoring

CVSS 3.09.8 (CRITICAL)
VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.49% probability of exploitation · percentile 38.3% · 2026-06-18T12:00:27Z
Published2026-05-13
Last modified2026-05-13

Underlying weaknesses· 1

CWE-288

References

  1. https://jvn.jp/en/jp/JVN03037325/
  2. https://www.elecom.co.jp/news/security/20260512-01/

1

TypeTargetConfidenceTier
WeaknessAuthentication Bypass Using an Alternate Path or Channelcwe-2880%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-42062
CVE
CVE-2026-24465
CVE
CVE-2026-22550
CVE
CVE-2026-30702
CVE
CVE-2026-28536
CVE
CVE-2025-52689
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.