CVE-2026-0918

Name of the Vulnerable Software and Affected Versions Tapo C220 version 1 Tapo C520WS version 2

Description The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not properly manage POST requests with a large Content-Length header. This leads to a memory allocation failure and a NULL pointer dereference, which causes the main service process to crash. An attacker who does not need to be authenticated can repeatedly crash the service, resulting in a temporary denial of service. The devices automatically restart, but repeated requests can keep them unavailable.

Recommendations Tapo C220 version 1: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Tapo C520WS version 2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.