CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-10562

unknowncovered by 1 sourcefirst seen 2026-06-30
An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences. When processed by the embedded web server, these inputs may cause the device to respond with HTTP 3xx redirects to attacker-controlled external domains. This issue affects Archer AX20 V2.0: through 2.1.9 Build 20230829.

⚡ Watch CVE-2026-10562

Get an email if CVE-2026-10562 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-10562

CVE.org record

Embed the live status

CVE-2026-10562 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-10562 status](https://www.csirts.com/badge/CVE-2026-10562)](https://www.csirts.com/cve/CVE-2026-10562)