A vulnerability marked as critical has been reported in ReQuest these 1.10 . Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler . The manipulation of the argument repeaterSSID leads to command injection. This vulnerability is listed as CVE-2026-9297 . The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.