PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-22226 TP-Link Systems Inc. CVE debrief

CVE-2026-22226 is a high-severity command injection vulnerability in TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an authenticated admin to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Archer AX73 v2 < 1.3.1 Build 20260430.

Vendor
TP-Link Systems Inc.
Product
Archer BE230 v1.2
CVSS
HIGH 8.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-02-02
Original CVE updated
2026-06-04
Advisory published
2026-02-02
Advisory updated
2026-06-04

Who should care

Administrators and users of TP-Link Archer BE230 v1.2 and Archer AX73 v2 devices should apply patches to mitigate this vulnerability.

Technical summary

A command injection vulnerability exists in the VPN server configuration module of TP-Link Archer BE230 v1.2 and Archer AX73 v2. The vulnerability has a CVSS score of 8.5 and is classified as HIGH severity.

Defensive priority

High

Recommended defensive actions

  • Apply patches from TP-Link's official support pages: [Archer AX73 v2 Firmware](ref-4), [Archer BE230 v1.2 Firmware](ref-5).
  • Refer to TP-Link's support FAQ for additional guidance: [TP-Link Support FAQ](ref-9).

Evidence notes

This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.

Official resources

CVE-2026-22226 was published on 2026-02-02T18:16:15.407Z and modified on 2026-06-04T19:16:27.570Z.