Insufficient Input Validation in NETGEAR XR1000v2 Router
CVE-2026-0406

6.1MEDIUM

Key Information:

Vendor: Netgear
Status: Xr1000v2
Vendor: CVE Published:; 13 January 2026

What is CVE-2026-0406?

The NETGEAR XR1000v2 router is vulnerable to an insufficient input validation flaw, which enables attackers connected to the local area network (LAN) to perform OS command injections. This vulnerability poses a significant risk, as it may allow unauthorized users to execute arbitrary commands, potentially compromising the integrity and security of the router and the network components connected to it. NETGEAR has released a security advisory detailing this vulnerability and recommended patches to enhance the security of affected devices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

XR1000v2 0 <= 1.1.0.22

References

https://www.netgear.com/support/product/xr1000v2

productpatch

https://kb.netgear.com/000070442/January-2026-NETGEAR-Sec...

vendor-advisory

CVSS V4

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Dec 3, 2025

Credit

o4ncL1

JSON

Netgear

What is CVE-2026-0406?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.