CVE-2026-25603

CVE-2026-25603: Path Traversal vulnerability in Linksys MR9600, Linksys MX4200

Vendor Linksys
Product MR9600
Weakness CWE-22 · Path traversal
Published February 24, 2026
Last update February 24, 2026

CVSS base score

What the vulnerability does

01Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.

Key dates

02Disclosure timeline

February 24, 2026 CVE published
February 24, 2026 Record updated