A vulnerability classified as critical has been found in GL.iNet GL-MT3000 up to 4.4.5 . The affected element is the function realpath of the file /rpc of the component Minidlna Service . This manipulation of the argument kube. set causes command injection. This vulnerability is tracked as CVE-2026-11448 . The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component. The vendor confirms: "Starting from version 4.7, SDK has added global