How to Fix CVE-2026-27517: 10G08-0800GSM Network Switch (Bundle Sibling)

By Sai Kiran Pandrala. Last verified: 2026-05-25.

CVE-2026-27517 is a sibling vulnerability in the same vendor advisory as CVE-2026-23678. Apply the same patched build and you close both. The technical detail below is what differs.

What's different about CVE-2026-27517?

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user.

How to fix CVE-2026-27517

Apply the patched build per the primary write-up: How to Fix CVE-2026-23678. All commands, verification steps, and rollback notes for 10G08-0800GSM Network Switch are listed there.

Frequently asked questions

Does the CVE-2026-23678 patch close CVE-2026-27517?

Yes. Both CVEs are addressed by the same vendor patch. Applying the patched build closes the full bundle.

Is CVE-2026-27517 listed in CISA KEV?

No public KEV listing at the time of this writing.

Where is the official advisory?

See https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch

References

• Official vendor advisory: https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch
• NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27517
• CISA KEV catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• Primary: How to Fix CVE-2026-23678

*Written by Sai Kiran Pandrala. Part of the 10G08-0800GSM Network Switch bundle. Full procedure at how-to-fix-cve-2026-23678.*