Missing Authorization Vulnerability in Zyxel GS1200 Series Switches
CVE-2026-4795

6.5MEDIUM

Key Information:

Vendor: Zyxel
Status: Gs1200-5v3 Firmware; Gs1200-8v3 Firmware; Gs1200-5HPv3 Firmware; Gs1200-8HPv3 Firmware
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-4795?

A missing authorization vulnerability in specific firmware versions of Zyxel GS1200 series switches enables unauthorized attackers on the local network to exploit crafted HTTP requests. This flaw allows them to access and read sensitive system configuration data from a log file, potentially compromising the integrity of the network and its operations.

Affected Version(s)

GS1200-10v3 firmware <= 1.00(ACPW.2)C0

GS1200-5HPv3 firmware <= 1.00(ACPU.2)C0

GS1200-5v3 firmware <= 1.00(ACPS.2)C0

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
Mar 25, 2026

CVE-2026-4795 Data

JSON