CVE-2025-26320 Information

Description

t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping.

Reference

https://github.com/BaranTeyin1/vulnerability-research/tree/main/CVE-2025-26320 https://github.com/t0mer/broadlinkmanager-docker https://github.com/t0mer/broadlinkmanager-docker/blob/master/broadlinkmanager/broadlinkmanager.py#L639-L657