CVE-2026-2562 | JingDong JD Cloud Box AX6600 up to 4.5.1.r4533 jdcweb_rpc /jdcapi cast_streen File privilege escalation

Inserito da Angelo Barbosa | Feb 15, 2026 | CVE

A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533 and classified as critical. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to privilege escalation.

This vulnerability appears as CVE-2026-2562. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2562 | JingDong JD Cloud Box AX6600 up to 4.5.1.r4533 jdcweb_rpc /jdcapi cast_streen File privilege escalation

Post correlati

CVE-2024-41686 | SyroTech SY-GPON-1110-WDONT 3.1.02-231102 incorrect behavior order: early validation (CIVN-2024-0225)

CVE-2024-44195 | Apple macOS up to 15.0 App information disclosure

CVE-2024-41761 | IBM DB2/DB2 Connect Server 10.5/11.1/11.5 Query memory allocation

CVE-2026-25508 | Espressif ESP-IDF 5.1.6/5.2.6/5.3.4/5.4.3/5.5.2 BLE Provisioning Transport protocomm_ble out-of-bounds (GHSA-9j5x-rf36-54×9)