A vulnerability marked as critical has been reported in Tenda AC6 2.0/15.03.06.23 . The affected element is an unknown function of the file /goform/telnet of the component httpd . The manipulation of the argument lan.ip leads to os command injection. This vulnerability is referenced as CVE-2026-8259 . Remote exploitation of the attack is possible. Furthermore, an exploit is available.