PT-2026-7323 · TP-Link · Tapo C260

Spaceraccoon · Published 2026-02-10 · Updated 2026-03-10 · CVE-2026-0652

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: TP-Link Tapo C260 version 1

Description: A command injection issue exists in the TP-Link Tapo C260 v1 due to insufficient input validation of certain POST parameters during configuration synchronization. A successful exploit by an authenticated attacker could allow for the execution of arbitrary system commands, potentially leading to a complete compromise of the device, impacting confidentiality, integrity, and availability. The vulnerability allows an attacker to execute arbitrary code through specific POST request parameters.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2026-01857
CVE-2026-0652

Affected Products

Tapo C260