CVE-2026-35506

HIGH NVD

CVSS Score 7.2

Severity HIGH

Published May 13, 2026

Vendor unknown

Description

ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed.

References

https://jvn.jp/en/jp/JVN03037325/
https://www.elecom.co.jp/news/security/20260512-01/