CVE-2026-11406
MEDIUMGL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection
Title source: cnaDescription
A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 4.9.0_beta3-1012-0513-1778656146 is able to resolve this issue. You should upgrade the affected component. The vendor confirms: "This issue has been addressed by implementing malicious checks on OpenVPN configuration files to prevent command injection attacks carried through malicious configuration files."
References (6)
Core 6
Core References
Vdb Entry vdb-entry
VDB-368966 | GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection
https://vuldb.com/vuln/368966
Signature, Permissions Required signature
permissions-required
VDB-368966 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/368966/cti
Third Party Advisory third-party-advisory
CVE-2026-11406 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11406
Third Party Advisory third-party-advisory
Submit #820049 | GL.iNet MT3000 4.4.5 Command Injection
https://vuldb.com/submit/820049
Scores
CVSS v3
6.3
EPSS
0.0158
EPSS Percentile
72.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-74
CWE-77
Status
published
Products (7)
GL.iNet/MT3000
4.4.0
GL.iNet/MT3000
4.4.1
GL.iNet/MT3000
4.4.2
GL.iNet/MT3000
4.4.3
GL.iNet/MT3000
4.4.4
GL.iNet/MT3000
4.4.5
GL.iNet/MT3000
4.9.0_beta3-1012-0513-1778656146
Published
Jun 06, 2026
Tracked Since
Jun 06, 2026