CVE-2026-15429

Summary

A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data. 

An authenticated user with sufficient privileges may be able to modify account settings and gain elevated administrative privileges.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.Archer VX1800v v10 < 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927naffected

Weaknesses

  • CWE-93: CWE-93 Improper neutralization of CRLF sequences ('CRLF injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References