CVE-2026-11494 PUBLISHED

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

• L-14 (VulDB User) reporter

• VDB-369114 | TOTOLINK AC1200 T8 vsftpd vsftpd.conf least privilege violation
• VDB-369114 | CTI Indicators (IOB, IOC, TTP, IOA)
• CVE-2026-11494 | CVE Analysis and Report
• Submit #834819 | TOTOLink AC1200T8 V4.1.5cu.8611 Misconfiguration
• https://www.notion.so/TOTOLink-AC1200T8-V4-1-5cu-8611-3671f5ba989080a6aa03e6adbdd1d104?source=copy_link
• https://www.totolink.net/

• Least Privilege Violation CWE
• Incorrect Privilege Assignment CWE