PatchSiren cyber security CVE debrief
CVE-2026-35906 T3 Technology CVE debrief
CVE-2026-35906 is a critical vulnerability in T3 Technology CPE models T625Pro v1.0.07 and T6825G v1.0.03. An undocumented debug CGI endpoint allows unauthenticated attackers to execute arbitrary system commands as root via a crafted HTTP query string. This vulnerability has a CVSS score of 9.6 and is considered CRITICAL.
- Vendor: T3 Technology
- Product: CPE models T625Pro v1.0.07 and T6825G v1.0.03
- CVSS: CRITICAL 9.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-04
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-04
Who should care
Administrators and users of T3 Technology CPE models T625Pro v1.0.07 and T6825G v1.0.03 should be aware of this vulnerability and take immediate action to mitigate the risk.
Technical summary
The vulnerability exists in an undocumented debug CGI endpoint in the affected CPE models. An unauthenticated attacker can exploit this vulnerability by supplying a crafted HTTP query string, allowing them to execute arbitrary system commands as root.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Disable the debug CGI endpoint if not required.
- Monitor the system for suspicious activity.
Evidence notes
The CVE record and NVD detail pages provide evidence of this vulnerability.
Official resources
CVE-2026-35906 was published on 2026-06-04T15:16:50.870Z and modified on 2026-06-04T16:23:33.747Z.