What is CVE-2026-34126?

CVE-2026-34126 is a high-severity vulnerability in Tp-link Tapo_d100c, classified under Cleartext Transmission of Sensitive Information. CVSS score: 7.5/10. Published 2026-05-28.

How severe is CVE-2026-34126?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Tp-link Tapo_d100c

CVE-2026-34126

TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used d…

EPSS: 0.000 (0.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Tp-link Tapo_d100c — versions 1.0
Tp-link Tapo_d100c_firmware — versions 1.3.1
Tp-link Tapo_l535e — versions 1.0, 3.0
Tp-link Tapo_l535e_firmware — versions 1.4.1
Tp-link Tapo_p300 — versions 1.0
Tp-link Tapo_p300_firmware — versions 1.4.0, 1.4.2
Tp Link Systems Inc. Tapo D100c V1.0 — versions 0
Tp-link Systems Inc. Tapo L535e V1.0, V3.0 — versions 0
Tp-link Systems Inc. Tapo P300 V1.0 — versions 0

Weakness classification (CWE)

CWE-319 — Cleartext Transmission of Sensitive Information

References

f23511db-6c3e-4e32-a477-6aa17d310630 (Release Notes, patch)
f23511db-6c3e-4e32-a477-6aa17d310630 (Release Notes, patch)
f23511db-6c3e-4e32-a477-6aa17d310630 (Release Notes, patch)
f23511db-6c3e-4e32-a477-6aa17d310630 (Release Notes, patch)
f23511db-6c3e-4e32-a477-6aa17d310630 (Release Notes, patch)
f23511db-6c3e-4e32-a477-6aa17d310630 (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2026-34126?: CVE-2026-34126 is a high-severity vulnerability in Tp-link Tapo_d100c, classified under Cleartext Transmission of Sensitive Information. CVSS score: 7.5/10. Published 2026-05-28.
How severe is CVE-2026-34126?: High severity. CVSS v3 base score is 7.5 out of 10.