CVE-2026-9151EPSS p59.8%

CVE-2026-9151CVE-2026-9151

Description

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration file. The issue stems from improper filtering of special characters.  Successful exploitation of this vulnerability may enable an attacker to gain full control of the affected device, potentially compromising configuration integrity, network security, and service availability.

Scoring

EPSS1.05% probability of exploitation · percentile 59.8% · 2026-06-18T12:00:27Z
Last modified2026-06-10

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-22226
CVE
CVE-2026-30815
CVE
CVE-2026-22221
CVE
CVE-2026-0631
CVE
TP-Link Archer AX-21 Command Injection Vulnerability
CVE
CVE-2026-22223
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.