A vulnerability described as very critical has been identified in Mercusys AC12G . The affected element is an unknown function of the component POST Request Handler . Such manipulation of the argument SOAPAction leads to uninitialized pointer. This vulnerability is listed as CVE-2026-36611 . The attack must be carried out from within the local network. There is no available exploit.