Buffer overflow in Tp-link Systems Inc. Tapo C520ws V2.6

CVE-2026-34119

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validat…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (7.3th percentile) — read the EPSS interpretation.

Affected products

Tp-link Systems Inc. Tapo C520ws V2.6 — versions 0

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

References

www.tp-link.com/us/support/download/tapo-c520ws/ (patch)
www.tp-link.com/en/support/download/tapo-c520ws/ (patch)
www.tp-link.com/us/support/faq/5047/ (vendor-advisory)