A vulnerability, which was classified as problematic , was found in Mercusys AC12G . The impacted element is an unknown function of the component HTTP Host Header Handler . Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. This vulnerability appears as CVE-2026-36604 . The attack may be performed from remote. There is no available exploit.