CVE-2026-11406 | GL.iNet MT3000 up to 4.4.5 OpenVPN Client Import Workflow ovpnclient.sh command injection

A vulnerability identified as critical has been detected in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection.

This vulnerability is registered as CVE-2026-11406. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

You should upgrade the affected component.

The vendor confirms: “This issue has been addressed by implementing malicious checks on OpenVPN configuration files to prevent command injection attacks carried through malicious configuration files.”

CVE-2026-11406 | GL.iNet MT3000 up to 4.4.5 OpenVPN Client Import Workflow ovpnclient.sh command injection

Post correlati

CVE-2025-4947 | cURL up to 8.13.0 QUIC Certificate certificate validation

CVE-2025-12211 | Tenda O3 1.0.0.10(2478) /goform/setDmzInfo SetValue/GetValue dmzIP stack-based overflow

CVE-2024-27842 | Apple macOS up to 14.4 Kernel Local Privilege Escalation (HT214106)

CVE-2024-4900 | SEOPress Plugin up to 7.7 on WordPress Post Setting redirect