CVE-2026-7248

Daily digests

An attacker can remotely trigger a buffer overflow on D-Link DI-8100 routers (firmware 16.07.26A1) through the tgfile.htm CGI endpoint by sending a crafted 'fn' parameter. No authentication is needed, and a working exploit is already public. CVSS 9.8, so this is about as bad as it gets for a network device.

• Daily Digest · Apr 28, 2026

  5 router RCEs with public exploits, all CVSS 9.8