Talos finds router, Photoshop, OpenVPN and Norton flaws

Cisco Talos’ Vulnerability Discovery & Research team published findings on May 19, 2026, disclosing eight vulnerabilities in the TP‑Link Archer AX53 router and separate flaws in Adobe Photoshop’s Microsoft Store installer, OpenVPN and Gen Digital’s Norton VPN. Talos followed its third‑party disclosure policy. Vendors patched the reported issues except for the Norton VPN vulnerability, which Talos observed in use before a patch was available. Snort rule sets and vulnerability advisories are available on Snort.org and Talos Intelligence.

The TP‑Link Archer AX53 (firmware v1.3.1 Build 20241120 rel.54901(5553)) contains multiple flaws that could allow code execution or unauthorized file access. A stack‑based buffer overflow in the tmpServer opcode (CVE‑2026‑30814) can be triggered by specially crafted network packets and may allow arbitrary code execution. Several OpenVPN configuration restore functions and a dnsmasq restore function expose OS command injection or external configuration control weaknesses (CVE‑2026‑30815 through CVE‑2026‑30818 and related TALOS advisories). Those flaws can be triggered by uploading a malicious configuration file and may lead to arbitrary command execution or arbitrary file reads. An attacker can exploit the router either by sending crafted packets or by supplying a malicious file to the device.

Adobe Photoshop’s Microsoft Store installer (Photoshop_Set‑Up.exe 2.11.0.30) included a privilege escalation vulnerability (CVE‑2026‑34632) in which a low‑privilege local user could replace files during installation and gain elevated rights. Adobe released an updated installer to address the issue.

The OpenVPN vulnerability (CVE‑2026‑35058) affects OpenVPN 2.6.x and certain development builds. Talos described the issue as a reachable assertion in the TLS Crypt v2 client key extraction routine. A specially crafted sequence of network packets can trigger the assertion and cause a denial of service. OpenVPN maintainers issued mitigations in updated builds.

The Norton VPN installer distributed via the Microsoft Store contained a privilege escalation flaw (CVE‑2025‑58074) that allows a low‑privilege user to replace installation files, which can lead to deletion of arbitrary files and privilege elevation. Talos reported that the Norton VPN issue was observed in use at the time of disclosure and that a vendor patch was not yet available.

Talos credited Lilith >_> for the TP‑Link research, KPC for the Photoshop and Norton findings, and Emma Reuter of Cisco ASIG for the OpenVPN report. Talos also published Snort rules and vulnerability advisories to detect exploitation attempts. Administrators and organizations are urged to consult the Talos advisories and Snort rule sets and to apply vendor updates where available.