CVE-2026-11497
Published: 08 June 2026
Summary
CVE-2026-11497 is a medium-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Dlink Dcs-5615 Firmware. Its CVSS base score is 5.5 (Medium).
Operationally, ranked at the 34.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-35027
Vulnerability details
A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The…
more
exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Insufficient information to map techniques.Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Designation of a manager and policy dissemination ensures privileges are assigned according to defined roles.
Regular reviews catch incorrect privilege assignments to users, roles, or processes.
Explicitly specifying privileges and group/role memberships for accounts reduces the risk of incorrect privilege assignments.
The control requires explicit definition of separated access authorizations, making incorrect privilege assignments that bundle conflicting duties harder to implement.
Enforces the least privilege principle to avoid violations of minimal necessary access.
Enforcing only the minimal set of functionality implements least privilege by eliminating unneeded capabilities that could be abused.
The control mandates acknowledgment of least-privilege expectations, making violations by authorized users less likely.
Risk Executive role ensures least privilege is applied uniformly rather than left to individual system owners or projects.