What is CVE-2026-1871?

CVE-2026-1871 is a medium-severity vulnerability in Tp-link Tapo_c200, classified under Stack-based Buffer Overflow. CVSS score: 6.5/10. Published 2026-06-02.

How severe is CVE-2026-1871?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Buffer overflow in Tp-link Tapo_c200

CVE-2026-1871

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful expl…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (10.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Tp-link Tapo_c200 — versions 5
Tp-link Tapo_c200_firmware — versions 1.0.5, 1.0.12, 1.0.13
Tp-link Systems Inc. Tapo C200 V5 — versions 0

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

References

f23511db-6c3e-4e32-a477-6aa17d310630 (Release Notes, patch)
f23511db-6c3e-4e32-a477-6aa17d310630 (Release Notes, patch)
f23511db-6c3e-4e32-a477-6aa17d310630 (Release Notes, patch)
f23511db-6c3e-4e32-a477-6aa17d310630 (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2026-1871?: CVE-2026-1871 is a medium-severity vulnerability in Tp-link Tapo_c200, classified under Stack-based Buffer Overflow. CVSS score: 6.5/10. Published 2026-06-02.
How severe is CVE-2026-1871?: Medium severity. CVSS v3 base score is 6.5 out of 10.