CVE-2026-15428
An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adj
CVSS
—
No CVSS
EPSS
0.9%
p55
KEV
—
Exploit Today
17
0-100
Published: Jul 14, 2026 · Last modified: Jul 15, 2026 · CWE-78
0.9%EPSS · 30 days0.9%
2026-07-152026-07-16
An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with root privileges. Successful exploitation may allow remote code execution and complete compromise of the device.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-341978.8 HIG99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability2dCVE-2024-121210.0 CRI99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability4dCVE-2022-262589.8 CRI99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability8dCVE-2026-422718.8 HIG99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2021-252988.8 HIG99.5%
KEV—80Nagios XI OS Command Injection8dCVE-2021-252978.8 HIG98.9%
KEV—80Nagios XI OS Command Injection8d