A vulnerability labeled as problematic has been found in OpenWrt LuCI. This impacts the function
AddPortMapping of the file luci-app-upnp of the component UPnP IGD. Such manipulation of the argument NewPortMappingDescription leads to cross site scripting.
This vulnerability is referenced as CVE-2026-61875. It is possible to launch the attack remotely. No exploit is available.