HIGH
Peplink
CVE published 2026-06-26
CVE-2026-57920
CVE-2026-57920 is a high-severity vulnerability in Peplink InControl 2, allowing attackers to bypass access-control rules using a semicolon in certain /rest/o/{orgId} endpoints. The vulnerability has a CVSS score of 7.7 and is considered HIGH severity. It was published on June 26, 2026, and last modified on July 2, 2026. The vulnerability affects Peplink InControl 2 versions up to 2.14.2. There is limited [truncated]