CVE-2026-62948 | OpenWrt up to 25.12.4 DHCPv6 Client FQDN Option src/statefiles.c statefiles_write_state6 Hostname injection
A vulnerability was found in OpenWrt up to 25.12.4. It has been declared as very critical. This issue affects the function statefiles_write_state6 of the file src/statefiles.c of the component DHCPv6 Client FQDN Option. The manipulation of the argument Hostname results in injection.
This vulnerability is known as CVE-2026-62948. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More