CVE-2026-0651— Path Traversal on TP-Link Tapo D235 and C260 via Local https
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-0651
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal on TP-Link Tapo D235 and C260 via Local https
Source: NVD (National Vulnerability Database)
Vulnerability Description
A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization fails. An attacker can exploit this logic flaw by supplying crafted, URL encoded traversal sequences that bypass directory restrictions and allow access to files outside the intended web root. Successful exploitation may allow authenticated attackers to get disclosure of sensitive system files and credentials, while unauthenticated attackers may gain access to non-sensitive static assets.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
TP-Link Tapo C260 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TP-Link Tapo C260是中国普联(TP-Link)公司的一个监控摄像机。 TP-Link Tapo C260 v1版本存在安全漏洞,该漏洞源于对特定GET请求路径处理不当,可能导致本地未经验证的文件系统路径探测。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TP-Link Systems Inc. | Tapo C260 v1 | 0 ~ 1.1.9 Build 251226 Rel.55870n | - | |
| TP-Link Systems Inc. | Tapo D235 v1 | 0 ~ 1.2.2 Build 260210 Rel.27165n | - | |
| TP Link Systems Inc. | Tapo C520WS v2.6 | 0 ~ 1.2.4 Build 260326 Rel.24666n | - |
II. Public POCs for CVE-2026-0651
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-0651
请登录查看更多情报信息。
Same Patch Batch · TP-Link Systems Inc. · 2026-02-10 · 3 CVEs total
| CVE-2026-0653 | Insecure Access Control on TP-Link Tapo D235 and C260 | |
| CVE-2026-0652 | Remote Code Execution on TP-Link Tapo C260 by Guest User |
IV. Related Vulnerabilities
Same vendor: TP-Link Systems Inc.
- CVE-2026-5039
Predictable Default Cryptographic Key Used for DES Encryptio - CVE-2026-5363
Use of weak cryptographic key in TP-Link Archer C7 - CVE-2026-30818
OS Command Injection Vulnerability in dnsmasq Module in TP-L - CVE-2026-30817
Arbitrary File Reading Vulnerability in dnsmasq Module in TP - CVE-2026-30816
Arbitrary File Reading Vulnerability in OpenVPN Module in TP
Same weakness: CWE-22
- CVE-2026-8274
npitre cramfs-tools Directory cramfsck.c do_directory path t - CVE-2022-50956
WordPress Plugin amministrazione-aperta 3.7.3 Local File Rea - CVE-2026-8215
Industrial Application Software IAS Canias ERP RMI iasReques - CVE-2026-42605
AzuraCast: Path Traversal in `currentDirectory` Parameter En - CVE-2026-42574
apko dirFS has a symlink-following path traversal that allow
V. Comments for CVE-2026-0651
No comments yet