https://feed.craftedsignal.io/tags/zyxel/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 27 Feb 2026 12:00:00 +0000https://feed.craftedsignal.io/briefs/2026-02-zyxel-rce/Fri, 27 Feb 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-02-zyxel-rce/A critical command injection vulnerability (CVE-2026-13942) in the UPnP function of Zyxel routers allows remote attackers to execute arbitrary operating system commands by sending crafted UPnP SOAP requests.<p>A critical command injection vulnerability, tracked as CVE-2026-13942, has been discovered in the UPnP (Universal Plug and Play) service of Zyxel routers. The vulnerability stems from insufficient validation of input within the UPnP SOAP request processing. An unauthenticated, remote attacker can exploit this flaw by sending specially crafted UPnP SOAP requests to the affected device. This allows the attacker to inject and execute arbitrary operating system commands with elevated privileges on…</p> criticaladvisoryzyxelroutercommand injectioncve-2026-13942upnp