Understanding and Defending Against CVE-2026-61876: LuCI DHCPv6 Lease Hostname Injection
CVE-2026-61876 is a high-severity vulnerability in LuCI, a popular open-source interface for OpenWRT routers. The vulnerability allows adjacent network attackers to inject HTML markup into DHCPv6 lease hostnames, potentially leading to XSS attacks. This analysis provides an in-depth look at the vulnerability, its exploitation mechanics, and defensive strategies.