A vulnerability labeled as critical has been found in D-Link DNS-320 2.06B01 . This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi . The manipulation results in os command injection. This vulnerability was named CVE-2026-8272 . The attack may be performed from remote. In addition, an exploit is available.