CVE-2026-42062 · CRITICAL 9.8 · EPSS p73.2%

Description

ELECOM wireless LAN access point devices contain an OS command injection vulnerability in the processing of the username parameter. When a device processes a crafted request, an arbitrary OS command may be executed. No authentication is required.

Scoring

CVSS 3.0: 9.8 (CRITICAL)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.63% probability of exploitation · percentile 73.2% · 2026-06-18T12:00:27Z
Published: 2026-05-13
Last modified: 2026-05-13

Underlying weaknesses · 1

CWE-78

References

  1. https://jvn.jp/en/jp/JVN03037325/
  2. https://www.elecom.co.jp/news/security/20260512-01/

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (cwe-78) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-22550
CVE-2026-40621
CVE-2026-24465
CVE-2026-25196
CVE-2025-27797
CVE-2026-10166

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.