A vulnerability classified as critical was found in GL.iNet GL-MT3000 4.4.5 . The impacted element is the function rpc_sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface . Such manipulation leads to command injection. This vulnerability is listed as CVE-2026-11449 . The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised. The vendor confirms: "The issue discovered by the vulnerability researcher on older firmware