CVE-2026-1723: Windows Server 2022/2025

What is CVE-2026-1723?

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.

CVSSawaiting NVD

ExploitationNo exploitation reported

Triage statusUnder Review

ActionSchedule for next cycle

NVD published2026-01-30

NVD last modified2026-04-15

Affected product

Windows Server 2022/2025

Remediation Steps

Apply the March 2026 Patch Tuesday cumulative update to all Windows Server instances.
Prioritize domain controllers and internet-facing servers.
If immediate patching is not possible, restrict network access and enable enhanced monitoring.
Review Windows Event Logs for privilege escalation indicators (Event ID 4672, 4673).
Verify endpoint detection systems have updated signatures for this exploit chain.

References

Coverage on defend.network

Vulnerability Priority Report – Week 3 of March 2026 (March 14–20)
VMware ESXi ransomware exploit; BlackSuit healthcare breach (2026-03-20)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

What is CVE-2026-1723?

Affected product

Remediation Steps

References

Coverage on defend.network

Get Critical CVE Alerts