Buffer overflow in Tp-link Systems Inc. Tapo C520ws V2.6

CVE-2026-34118

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validat…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (7.3th percentile) — read the EPSS interpretation.

Affected products

Tp-link Systems Inc. Tapo C520ws V2.6 — versions 0

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

References

www.tp-link.com/us/support/download/tapo-c520ws/ (patch)
www.tp-link.com/en/support/download/tapo-c520ws/ (patch)
www.tp-link.com/us/support/faq/5047/ (vendor-advisory)