By weakness (CWE)

CWE-441: related vulnerabilities

CVEs classified under CWE-441. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

3 published vulnerabilities

  • CVE-2026-36608HIGH 8.8

    A vulnerability in Mercusys AC12G (EU) V1 routers running firmware version AC12G(EU)_V1_200909 allows anyone connected to the local network to use UPnP port forwarding to redirect traffic destined for the internet directly to the router's admin interface. The vulnerability exists because the router's UPnP implementation doesn't properly validate the destination address when setting up port mappings—it accepts requests to forward ports to the router's own IP address (192.168.1.1) or localhost (127.0.0.1), which should never be allowed. An attacker on the LAN can exploit this with a single SOAP request to expose the administrative panel to the public internet without authentication, bypassing all network boundary protections.

  • CVE-2025-48570HIGH 7.8

    A vulnerability in Android's PipTaskOrganizer component allows a malicious application with basic system privileges to launch activities from the background without user interaction. An attacker exploiting this flaw could escalate their privileges within the system, potentially gaining access to sensitive functionality or data. The vulnerability stems from a confused deputy issue—where a trusted system component is tricked into performing privileged actions on behalf of an unprivileged attacker.

  • CVE-2026-0098HIGH 7.8

    CVE-2026-0098 is a local privilege escalation vulnerability in Android's package-calling logic that allows a malicious app to bypass restrictions on which activities it can start. The flaw stems from a confused deputy problem—the system incorrectly trusts the calling context of an app requesting activity launches. An attacker with a local app installation can exploit this without special permissions or user interaction to gain elevated privileges, potentially accessing sensitive device functions or data reserved for system components.