{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-4558/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["CVE-2026-4558","linksys","command-injection","network-device"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4558 is a critical vulnerability affecting Linksys MR9600 routers, specifically version 2.0.6.206937. The flaw resides within the \u003ccode\u003esmartConnectConfigure\u003c/code\u003e function of the \u003ccode\u003eSmartConnect.lua\u003c/code\u003e file. Attackers can remotely inject OS commands by manipulating the \u003ccode\u003econfigApSsid\u003c/code\u003e, \u003ccode\u003econfigApPassphrase\u003c/code\u003e, \u003ccode\u003esrpLogin\u003c/code\u003e, or \u003ccode\u003esrpPassword\u003c/code\u003e arguments. Publicly available exploits exist, increasing the risk of exploitation. The vendor was notified but has not yet provided a patch or response, leaving users…\u003c/p\u003e\n","date_modified":"2026-03-23T12:00:00Z","date_published":"2026-03-23T12:00:00Z","id":"/briefs/2026-03-linksys-rce/","summary":"A remote OS command injection vulnerability exists in the Linksys MR9600 router version 2.0.6.206937, allowing attackers to execute arbitrary commands by manipulating specific function arguments via the SmartConnect.lua file.","title":"Linksys MR9600 SmartConnect OS Command Injection (CVE-2026-4558)","url":"https://feed.craftedsignal.io/briefs/2026-03-linksys-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-4558","version":"https://jsonfeed.org/version/1.1"}