Talos discloses router, Photoshop, OpenVPN and Norton VPN flaws

Cisco Talos’ Vulnerability Discovery & Research team posted advisories on May 19, 2026 detailing multiple vulnerabilities across consumer and open‑source software. The disclosures cover eight flaws in the TP‑Link Archer AX53 router, and one each in the Adobe Photoshop Microsoft Store installer, OpenVPN and Gen Digital’s Norton VPN client.

Talos researcher Lilith reported the eight issues in the Archer AX53 firmware version 1.3.1 Build 20241120 rel.54901(5553). The most severe is a stack‑based buffer overflow (CVE‑2026‑30814) in the router’s tmpServer opcode that can be triggered by specially crafted network packets and may allow arbitrary code execution. Other flaws affect OpenVPN restore and dnsmasq restore routines and include OS command injection and external configuration control vulnerabilities (CVE‑2026‑30815 through CVE‑2026‑30818 and related TALOS identifiers). Those flaws can be exploited by uploading crafted configuration files to the device, which can lead to command execution or unauthorized file reads.

A separate advisory from researcher KPC describes a privilege‑escalation vulnerability in the Adobe Photoshop installer distributed via the Microsoft Store. The installer file identified is Photoshop_Set‑Up.exe version 2.11.0.30 and the issue is tracked as CVE‑2026‑34632. A low‑privilege user can replace files during installation, which can result in elevation of privileges. Adobe has released an update that addresses the installer issue.

OpenVPN maintainers were alerted to a reachable assertion flaw in the TLS Crypt v2 client key extraction code by Emma Reuter of Cisco ASIG. Tracked as CVE‑2026‑35058, the bug affects OpenVPN 2.6.x and the 2.8_git stream. A specially crafted sequence of packets can cause a denial of service. OpenVPN maintainers have issued fixes for the vulnerability.

Talos also identified a privilege‑escalation vulnerability in Gen Digital’s Norton VPN Microsoft Store installer, reported by KPC as CVE‑2025‑58074. The advisory explains a low‑privilege user could replace installation files and potentially delete arbitrary files during setup, which may lead to elevation of privileges. Talos observed the Norton VPN vulnerability in use and noted a patch was not available at the time of the disclosure.

Talos’ advisories list technical details for each flaw and include Snort rules to detect exploitation attempts. Vendors have released fixes for the reported bugs except for the Norton VPN issue, which remained unpatched at the time of Talos’ post.