# CVE-2026-2142

> A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

- **CVSS:** 7.2 (HIGH)
- **EPSS:** 0.1%
- **CWE:** CWE-77, CWE-78

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-2142
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp