Buffer overflow in Tp-link Systems Inc. Tapo C520ws V2.6

CVE-2026-34124

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion perfor…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (9.3th percentile) — read the EPSS interpretation.

Affected products

Tp-link Systems Inc. Tapo C520ws V2.6 — versions 0

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

www.tp-link.com/us/support/download/tapo-c520ws/ (patch)
www.tp-link.com/en/support/download/tapo-c520ws/ (patch)
www.tp-link.com/us/support/faq/5047/ (vendor-advisory)