{"vulnerability": "CVE-2026-41926", "sightings": [{"uuid": "2d78f06b-56ef-4a49-a172-f38a504de24e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41926", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2kyfnef32k", "content": "CVE-2026-41926 - WDR201A WiFi Extender OS Command Injection via firewall.cgi\nCVE ID : CVE-2026-41926\n \n Published : May 4, 2026, 7:17 p.m. | 1\u00a0hour, 2\u00a0minutes ago\n \n Description : WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerabi...", "creation_timestamp": "2026-05-04T21:01:41.808892Z"}, {"uuid": "3f5b3781-e53c-49dc-a4d2-f88b3ee9da90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41926", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116519379011969410", "content": "\ud83d\udea8 CVE-2026-41926 (CRITICAL, CVSS 9.3): OS command injection in Shenzhen Yipu WDR201A WiFi Extender allows unauthenticated remote code execution via firewall.cgi. Persistent payloads survive reboots. Restrict access, monitor for fixes. https://radar.offseq.com/threat/cve-2026-41926-improper-neutralization-of-special--58e4d954 #OffSeq #IoTSecurity #CVE", "creation_timestamp": "2026-05-05T01:30:27.966902Z"}, {"uuid": "a0daaccc-d987-4ce9-bd21-f6a183e838df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41926", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3ml2zyzafpz23", "content": "Major alert: CRITICAL OS command injection (CVE-2026-41926) in Shenzhen Yipu WDR201A WiFi Extender. Remote attackers can run persistent commands. Restrict firewall.cgi access &amp; monitor for patches. https://radar.offseq.com/threat/cve-2026-41926-improper-neutralization-of-special--58e4d954 #OffSeq...", "creation_timestamp": "2026-05-05T01:30:28.757652Z"}]}