CVE-2026-36356

Daily digests

An attacker can run arbitrary OS commands on MeiG Smart FORGE_SLT711 devices without any authentication by hitting the /action/SetRemoteAccessCfg endpoint on the built-in GoAhead web server. No credentials, no user interaction, just a crafted HTTP request gives full command execution. If these devices are reachable from the internet, you're already exposed.

• Daily Digest · May 6, 2026

  Eclipse BaSyx CVSS 10 RCE + 4 critical bugs