A vulnerability was found in OpenWrt up to 25.12.4. It has been declared as very critical. This issue affects the function
statefiles_write_state6 of the file src/statefiles.c of the component DHCPv6 Client FQDN Option. The manipulation of the argument Hostname results in injection.
This vulnerability is known as CVE-2026-62948. It is possible to launch the attack remotely. No exploit is available.