CVE-2026-34119

Name of the Vulnerable Software and Affected Versions TP-Link Tapo C520WS version 2.6

Description A heap-based buffer overflow exists in the HTTP parsing loop when appending segmented request bodies. This occurs due to insufficient boundary validation when handling externally supplied HTTP input, specifically within the HTTP POST body parsing mechanism. An attacker on the same network segment can trigger heap memory corruption by sending crafted payloads that cause write operations beyond allocated buffer boundaries, resulting in a Denial-of-Service (DoS) condition where the device process crashes or becomes unresponsive.

Recommendations Update TP-Link Tapo C520WS version 2.6 to the latest firmware version provided by the vendor.