High severity8.8NVD Advisory· Published Feb 3, 2026· Updated May 12, 2026

CVE-2026-22550

Description

OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.

Affected products

Elecom/Wrc X1500gsa B Firmware
cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:*
Range: <=1.13
Elecom/Wrc X1500gs B Firmware
cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:*
Range: <=1.13

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN94012927/nvdThird Party Advisory
www.elecom.co.jp/news/security/20260203-01/nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000