Cisco Talos Discovers Multiple Vulnerabilities Across Notable Software
Recent research by Cisco Talos has identified eight vulnerabilities in TP-Link devices, and additional vulnerabilities in Adobe Photoshop, OpenVPN, and Gen Digital’s Norton VPN. Most of these vulnerabilities have been patched by their respective vendors following Cisco’s third-party vulnerability disclosure policy, except for a Norton VPN vulnerability that was detected in the wild before a patch could be deployed.
The vulnerabilities affecting TP-Link’s Archer AX53 router include several critical flaws. Notably, CVE-2026-30814 is a stack-based buffer overflow that could allow an attacker to execute arbitrary code by sending specially crafted network packets. Additional vulnerabilities, such as CVE-2026-30815 and CVE-2026-30816, are command injection flaws that could let an attacker execute arbitrary commands by uploading malicious files. The interconnected nature of these vulnerabilities indicates a significant risk for organizations using affected TP-Link routers. Visual aids in the original research depict the attack vectors and how they can be exploited, emphasizing the need for end-users to understand their exposure.
Vulnerabilities in software like Adobe Photoshop are also concerning. CVE-2026-34632 permits privilege escalation during the installation process: low-privilege users can manipulate files, potentially elevating their access rights. CVE-2026-35058 in OpenVPN is a denial-of-service vulnerability that arises from specific packet inputs. Lastly, the Norton VPN client contains a privilege escalation flaw that involves replacing files during installation, particularly affecting users who acquire the software via the Microsoft Store.
Defensive Context
Enterprises and users relying on TP-Link networking devices should be particularly aware of the vulnerabilities discussed. Organizations that leverage Adobe Photoshop and OpenVPN should also take note, especially given the potential for privilege escalation and denial of service through specific exploits. Those who do not operate in these environments may not face the same level of risk.
Why This Matters
The vulnerabilities present real risks, particularly for organizations that utilize affected TP-Link routers or rely on the other software mentioned. Attackers could leverage these weaknesses to gain unauthorized access or disrupt services, which highlights the importance of awareness and prompt action.
Defender Considerations
Organizations should prioritize the application of patches issued by the respective vendors to mitigate these vulnerabilities effectively. Security teams should also consider reviewing current security policies regarding device installation processes to ensure checks against privilege escalation vulnerabilities are in place.
Indicators of Compromise (IOCs)
– CVE-2026-30814 (TP-Link)
– CVE-2026-30815 (TP-Link)
– CVE-2026-30816 (TP-Link)
– CVE-2026-34632 (Adobe Photoshop)
– CVE-2026-35058 (OpenVPN)
– CVE-2025-58074 (Norton VPN)






