Cyber Resilience

CVE-2026-32841

CriticalPublic PoC

Published: 17 March 2026

Published
17 March 2026
Modified
26 May 2026
KEV Added
Patch
CVSS Score v4 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0060 43.9th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-32841 is a critical-severity Excessive Reliance on Global Variables (CWE-1108) vulnerability in Edimax Gs-5008Pl Firmware. Its CVSS base score is 9.2 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2026-32841 is an authentication bypass vulnerability (CWE-1108) in Edimax GS-5008PL firmware version 1.00.54 and prior. The flaw arises from a global authentication flag mechanism in the management interface, which fails to properly isolate authentication states across sessions.

Unauthenticated network attackers can exploit the vulnerability after any legitimate user authenticates to the management interface. This allows them to bypass credentials and gain administrative access, enabling unauthorized password changes, firmware uploads, and configuration modifications. The CVSS v3.1 base score is 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high attack complexity likely due to the need for a prior user authentication.

Mitigation guidance is available in vendor resources and advisories, including the Edimax GS-5008PL product page at https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/us/smb_legacy_switches/gs-5008pl/, the Edimax SMB legacy products list at https://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/us/smb_legacy_products/, and the VulnCheck advisory at https://www.vulncheck.com/advisories/edimax-gs-5008pl-global-authentication-state-across-all-clients. The CVE was published on 2026-03-17.

EU & UK References

Vulnerability details

Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling…

more

unauthorized password changes, firmware uploads, and configuration modifications.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1098 Account Manipulation Persistence
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
T1601 Modify System Image Defense Impairment
Adversaries may make changes to the operating system of embedded network devices to weaken defenses and provide new capabilities for themselves.
Why these techniques?

Auth bypass in network-accessible management web interface directly enables remote exploitation for initial admin access (T1190). Post-bypass capabilities explicitly include unauthorized password changes (T1098) and firmware uploads (T1601).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32838Same product: Edimax Gs-5008Pl
CVE-2025-22904Same vendor: Edimax
CVE-2025-22907Same vendor: Edimax
CVE-2025-22916Same vendor: Edimax
CVE-2020-37125Same vendor: Edimax
CVE-2025-22913Same vendor: Edimax
CVE-2024-48420Same vendor: Edimax
CVE-2025-22906Same vendor: Edimax
CVE-2024-48416Same vendor: Edimax
CVE-2026-1972Same vendor: Edimax

Affected Assets

edimax
gs-5008pl firmware
≤ 1.00.54

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces authenticated access decisions on the management interface, blocking the global authentication flag bypass that grants admin rights without per-session credentials.

prevent

Requires unique identification and authentication for each organizational user session before granting management interface access, preventing the shared global flag from allowing unauthenticated entry.

prevent

Protects session authenticity to ensure authentication state is bound to individual sessions rather than a global flag shared across clients.

References