What is CVE-2026-1668?

CVE-2026-1668 is a vulnerability in Tp-link Systems Inc. Sg2005p-pd 1.x, classified under Improper Input Validation. Published 2026-03-13.

Is CVE-2026-1668 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Tp-link Systems Inc. Sg2005p-pd 1.x

CVE-2026-1668

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintende…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (34.4th percentile) — read the EPSS interpretation.

Affected products

Tp-link Systems Inc. Sg2005p-pd 1.x — versions 0
Tp-link Systems Inc. Sg2008 4.2x — versions 0
Tp-link Systems Inc. Sg2008 4.3x — versions 0
Tp-link Systems Inc. Sg2008p 3.2x — versions 0
Tp-link Systems Inc. Sg2008p 3.3x — versions 0
Tp-link Systems Inc. Sg2016p 1.2x — versions 0
Tp-link Systems Inc. Sg2016p 1.3x — versions 0
Tp-link Systems Inc. Sg2210mp 4.2x — versions 0
Tp-link Systems Inc. Sg2210mp 5.2x — versions 0
Tp-link Systems Inc. Sg2210mp 5.x — versions 0

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

tangrs/cve-2026-1668-poc

References

support.omadanetworks.com/us/product/ (patch)
support.omadanetworks.com/au/download/firmware/ (patch)
support.omadanetworks.com/en/download/firmware/ (patch)
support.omadanetworks.com/us/document/118794/ (vendor-advisory)

Frequently asked questions

What is CVE-2026-1668?: CVE-2026-1668 is a vulnerability in Tp-link Systems Inc. Sg2005p-pd 1.x, classified under Improper Input Validation. Published 2026-03-13.
Is CVE-2026-1668 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.