CVE-2026-27846

CVE-2026-27846: Missing authentication in Linksys MR9600, Linksys MX4200

Vendor Linksys
Product MR9600
Weakness CWE-306 · Missing auth
Published February 25, 2026
Last update February 25, 2026

CVSS base score

What the vulnerability does

01Description

Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network  to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.

Key dates

02Disclosure timeline

February 25, 2026 CVE published
February 25, 2026 Record updated