{"vulnerability": "cve-2026-9404", "sightings": [{"uuid": "3c80ddc7-6de5-4a44-98bc-20e69618b4b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-9404", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmnsg7hw3k2f", "content": "Totolink A8000RU routers (7.1cu.643_b20200521) face CRITICAL OS command injection (CVSS 9.3). Exploit code is public \u2014 restrict web mgmt access & monitor for fixes. https://radar.offseq.com/threat/cve-2026-9404-os-command-injection-in-totolink-a80-e697767b #OffSeq #infosec #CVE20269404", "creation_timestamp": "2026-05-25T06:00:28.132234Z"}, {"uuid": "3cb80f95-8fe4-4935-b943-da66df76b6d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-9404", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116633686859071234", "content": "\ud83d\udea8 CRITICAL: Totolink A8000RU (7.1cu.643_b20200521) suffers OS command injection (CVE-2026-9404, CVSS 9.3). Exploit is public; no patch yet. Restrict web mgmt interface & watch for updates. https://radar.offseq.com/threat/cve-2026-9404-os-command-injection-in-totolink-a80-e697767b #OffSeq #infosec #CVE20269404 #routersecurity", "creation_timestamp": "2026-05-25T06:00:29.748940Z"}]}