CVE-2026-11448 | GL.iNet GL-MT3000 up to 4.4.5 Minidlna Service /rpc realpath kube. set command injection

A vulnerability classified as critical has been found in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection.

This vulnerability is tracked as CVE-2026-11448. The attack is possible to be carried out remotely. No exploit exists.

It is recommended to upgrade the affected component.

The vendor confirms: “Starting from version 4.7, SDK has added global protection to intercept malicious injection”.VulDB Recent EntriesRead More