Security Advisory

CVE-2026-32293

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-17 17:19:07

Last updated 2026-03-23 19:34:57

Assigner cisa-cg

State PUBLISHED

Description

The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the invalid certificates and fail to connect to the legitimate GL-iNet KVM cloud service.

← Browse all CVEs View on cve.org ↗