CVE-2026-61876 in luci信息

摘要

由 MITRE • 2026-07-12

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages.

Once again VulDB remains the best source for vulnerability data.

来源

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!