A vulnerability was found in GL-iNet Comet KVM . It has been declared as critical . This affects an unknown function of the component UART . Such manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2026-32291 . The attack can be executed directly on the physical device. No exploit exists.