Cisco Talos exposes router, Photoshop, OpenVPN, Norton VPN bugs

Cisco Talos’ Vulnerability Discovery & Research team published advisories on May 19, 2026, disclosing eight vulnerabilities in the TP‑Link Archer AX53 router and additional flaws in Adobe Photoshop, OpenVPN and Gen Digital’s Norton VPN.

Talos identified the TP‑Link Archer AX53 v1.0 running firmware 1.3.1 Build 20241120 rel.54901(5553) as affected by eight distinct issues. Talos researcher Lilith >_> reported a stack‑based buffer overflow (CVE‑2026‑30814) in the tmpServer opcode 0x436 that can allow arbitrary code execution when an attacker sends specially crafted network packets. Multiple OpenVPN configuration restore functions and a dnsmasq restore script were found vulnerable to OS command injection and external configuration control (CVE‑2026‑30815 through CVE‑2026‑30818 and related Talos IDs). Those flaws can be triggered by uploading a malicious configuration file and may permit command execution or reading arbitrary files on the device. Additional Talos entries (TALOS‑2025‑2307, TALOS‑2025‑2308, TALOS‑2025‑2309) cover command‑injection issues in OpenVPN restore client_disconnect, client_connect and route_up functions.

Talos researcher KPC reported a privilege‑escalation vulnerability in an Adobe Photoshop installer distributed via the Microsoft Store. The affected installer, Photoshop_Set‑Up.exe version 2.11.0.30, allows a low‑privilege user to replace files during installation, which can lead to elevation of privileges (CVE‑2026‑34632).

An OpenVPN defect discovered by Emma Reuter affects OpenVPN 2.6.x and the 2.8_git development branch. Talos flagged a reachable assertion in the TLS Crypt v2 Client Key Extraction feature (CVE‑2026‑35058) where a crafted sequence of packets can cause a denial of service against a VPN server or client.

KPC also flagged a privilege‑escalation vulnerability in Gen Digital’s Norton VPN installer obtained from the Microsoft Store. The installer lets a low‑privilege user replace installation files, which can permit deletion of arbitrary files and potential privilege escalation (CVE‑2025‑58074). Talos noted the Norton VPN issue was observed in the wild before a vendor patch was available; other vendors released patches in line with Cisco’s third‑party vulnerability disclosure policy.

Talos published Snort detection rules and detailed vulnerability advisories on the Talos Intelligence website. The team advised users and administrators to apply vendor updates and to obtain the latest Snort rule sets from Snort.org for network detection coverage.

The TP‑Link Archer AX53 is a dual‑band gigabit Wi‑Fi router marketed for home and small‑office use. OpenVPN is open‑source VPN software used for remote access and site‑to‑site connections. Adobe Photoshop is a commercial image‑editing application. Norton VPN is a proprietary consumer VPN client.