{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-13942/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["zyxel","router","command injection","cve-2026-13942","upnp"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical command injection vulnerability, tracked as CVE-2026-13942, has been discovered in the UPnP (Universal Plug and Play) service of Zyxel routers. The vulnerability stems from insufficient validation of input within the UPnP SOAP request processing.  An unauthenticated, remote attacker can exploit this flaw by sending specially crafted UPnP SOAP requests to the affected device. This allows the attacker to inject and execute arbitrary operating system commands with elevated privileges on…\u003c/p\u003e\n","date_modified":"2026-02-27T12:00:00Z","date_published":"2026-02-27T12:00:00Z","id":"/briefs/2026-02-zyxel-rce/","summary":"A critical command injection vulnerability (CVE-2026-13942) in the UPnP function of Zyxel routers allows remote attackers to execute arbitrary operating system commands by sending crafted UPnP SOAP requests.","title":"Critical Command Injection Vulnerability in Zyxel Routers (CVE-2026-13942)","url":"https://feed.craftedsignal.io/briefs/2026-02-zyxel-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-13942","version":"https://jsonfeed.org/version/1.1"}