CVE-2026-34127

Name of the Vulnerable Software and Affected Versions TP-Link TL-SG108PE v5 (affected versions not specified)

Description A stored cross-site scripting (XSS) issue exists in the web management interface. This occurs because the SYSNAM configuration parameter is not properly sanitized during the configuration file import process. An attacker with administrator access can inject a malicious script into the device configuration, which is then executed in the administrator's browser when viewing the affected interface. This could lead to session cookie theft, unauthorized configuration changes, or exposure of sensitive information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.