Medium CVSS: 6.5 CVE-2025-26320 t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping.