CVE-2026-32292

Summary

The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.

Affected Software

VendorProductVersion RangeStatus
GL-iNetComet KVM0 < 1.7.2affected
GL-iNetComet KVM1.7.2unaffected

Weaknesses

  • CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References