CVE-2026-4566 (CVSS 8.8, High) is an unauthenticated stack-based buffer overflow in the F9K1122 router’s formWISP5G function, reachable via HTTP POST with no credentials required and a public exploit available. Belkin was notified prior to disclosure and did not respond; no patch exists. The only confirmed remediation path is device replacement; organizations unable to replace immediately must isolate the device and block all access to /goform/ endpoints from untrusted hosts.