Full Report
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN.The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco’s third-party vulnerability
Analysis Summary
Based on the Cisco Talos vulnerability disclosures, here is the clear, actionable summary of the identified security flaws.
---
# Vulnerability: Multiple RCE and Command Injection in TP-Link Archer AX53
## CVE Details
- **CVE ID:** CVE-2026-30814 through CVE-2026-30819 and associated TALOS IDs.
- **CVSS Score:** 8.8 - 9.8 (Critical/High)
- **CWE:** CWE-121 (Stack-based Buffer Overflow), CWE-78 (OS Command Injection), CWE-15 (External Control of System or Configuration Setting)
## Affected Systems
- **Products:** TP-Link Archer AX53 (Dual Band Gigabit Wi-Fi Router)
- **Versions:** v1.0 1.3.1 Build 20241120 rel.54901(5553)
- **Configurations:** Systems utilizing `tmpServer`, OpenVPN configuration restore, or dnsmasq configuration restore.
## Vulnerability Description
Eight vulnerabilities were identified in the router's firmware. The most critical is a **stack-based buffer overflow** in the `tmpServer` opcode 0x436 (CVE-2026-30814) allowing for arbitrary code execution. The remaining seven vulnerabilities involve **OS command injection** and **external configuration control** within the OpenVPN and dnsmasq restore functionalities. Attackers can leverage malicious configuration files to execute commands or read arbitrary files on the system.
## Exploitation
- **Status:** PoC Available (via Talos research)
- **Complexity:** Low
- **Attack Vector:** Network / Adjacent
## Impact
- **Confidentiality:** High (Arbitrary file reading/data access)
- **Integrity:** High (Unauthorized command/code execution)
- **Availability:** High (Potential for system takeover)
## Remediation
### Patches
- Users should update to the latest firmware provided by TP-Link for the Archer AX53.
### Workarounds
- Disable remote management interfaces.
- Avoid uploading/restoring configuration files from untrusted sources.
## Detection
- **Snort SID:** Consult hxxps[://]snort[.]org for specific rule sets related to TALOS-2025-2302 through 2309.
---
# Vulnerability: Adobe Photoshop Privilege Escalation
## CVE Details
- **CVE ID:** CVE-2026-34632
- **CVSS Score:** 7.8 (High)
- **CWE:** CWE-379 (Creation of Temporary File in Dir with Incorrect Permissions)
## Affected Systems
- **Products:** Adobe Photoshop (Microsoft Store Installer)
- **Versions:** Photoshop_Set-Up.exe 2.11.0.30
## Vulnerability Description
A flaw exists in the installation process via the Microsoft Store. A low-privilege user can exploit a race condition or permission flaw to replace files during the installation process, leading to the execution of code with elevated privileges.
## Exploitation
- **Status:** Not exploited in the wild.
- **Complexity:** Medium
- **Attack Vector:** Local
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
- Update to the latest version of the Adobe Photoshop installer via the Adobe Creative Cloud or Microsoft Store.
---
# Vulnerability: OpenVPN Denial of Service (Reachable Assertion)
## CVE Details
- **CVE ID:** CVE-2026-35058
- **CVSS Score:** 7.5 (High)
- **CWE:** CWE-617 (Reachable Assertion)
## Affected Systems
- **Products:** OpenVPN
- **Versions:** 2.6.x and 2.8_git
- **Configurations:** Systems using TLS Crypt v2 Client Key Extraction.
## Vulnerability Description
A specially crafted network packet sent to the TLS Crypt v2 functionality can trigger a reachable assertion. This causes the OpenVPN process to crash, resulting in a Denial of Service.
## Exploitation
- **Status:** Not exploited in the wild.
- **Complexity:** Low
- **Attack Vector:** Network
## Impact
- **Confidentiality:** None
- **Integrity:** None
- **Availability:** High (Service crash)
## Remediation
### Patches
- Update OpenVPN to the latest patched branch (v2.6.x latest).
---
# Vulnerability: Norton VPN Privilege Escalation / Arbitrary File Deletion
## CVE Details
- **CVE ID:** CVE-2025-58074
- **CVSS Score:** 7.1 (High)
- **CWE:** CWE-284 (Improper Access Control)
## Affected Systems
- **Products:** Gen Digital Norton VPN client
- **Configurations:** Installed via Microsoft Store.
## Vulnerability Description
A privilege escalation vulnerability exists in the Microsoft Store installation process. A low-privilege user can replace files during installation, which allows for the deletion of arbitrary files or elevation of privileges.
## Exploitation
- **Status:** **Exploited in-use before patch availability (0-day).**
- **Complexity:** Medium
- **Attack Vector:** Local
## Impact
- **Confidentiality:** Low
- **Integrity:** High
- **Availability:** High (File deletion can lead to system instability)
## Remediation
### Patches
- Apply the latest updates for Norton VPN provided by Gen Digital/Norton.
## References
- Cisco Talos Blog: hxxps[://]blog[.]talosintelligence[.]com/vulnerability-roundup-may-19-2026/
- TP-Link Advisories: hxxps[://]talosintelligence[.]com/vulnerability_reports/TALOS-2025-2302
- Adobe Advisories: hxxps[://]www[.]adobe[.]com/support/security.html