Okay, I don't use taliscale. It is not obvious at all to me. And I somehow have the feeling it is not to you as well.
‘There is a vulnerability’. In the Plugin? In the OpenWrt? In the Kernel?
Is the possible vulnerability related to any component in the router? Is it active in the setup or just possible to compile in?
My local scanner mentioned my router as well, with a known CVE over 9. I do not trust blindly. I’ve checked if there is a real issue. See OpenWrt: Updates close security holes in router operating system … Spoiler: the vulnerability is there, in th OpenWrt source, but the part is not compiled in the GL.iNet package.