CVE-2026-7027 MEDIUM

CVE-2026-7027: D-Link DSL-2740R Wireless Setup Section cross site scripting

Vendor D-Link

Product DSL-2740R

Weakness CWE-79 · XSS

Published April 26, 2026

Last update April 27, 2026

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used.

Key dates

02Disclosure timeline

April 26, 2026 CVE published

April 27, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-7027 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-33738 Lychee Vulnerable to Stored XSS via Photo Description in RSS/Atom/JSON Feed (No Sanitization on Public Endpoint) CVE-2024-48032 WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-13728 FluentAuth - Auth Security Plugin <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluent_auth_reset_password' Shortcode CVE-2022-35630 Unsafe HTML Injection in Artifact Collection Report CVE-2025-28934 WordPress Simple Post Series plugin <= 2.4.4 - Reflected Cross Site Scripting (XSS) vulnerability