GL.iNet XE3000 glnassys hard-coded key
CVE-2026-11505

2.3LOW

Key Information:

Vendor: Gl.inet
Status: A1300; Ax1800; Axt1800; Mt2500
Vendor: CVE Published:; 8 June 2026

What is CVE-2026-11505?

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.

Affected Version(s)

A1300 4.8.*

AX1800 4.8.*

AXT1800 4.8.*

References

https://vuldb.com/vuln/369125

vdb-entry

https://vuldb.com/vuln/369125/cti

signaturepermissions-required

https://vuldb.com/cve/CVE-2026-11505

third-party-advisory

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2026
Vulnerability Reserved
Jun 7, 2026

Credit

GLiNet (VulDB User)

CVE-2026-11505 Data

JSON