{“lastseen”:””,”description”:”On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cause full device compromise.”,”published”:”2026-02-10T17:27:42.953Z”,”modified”:”2026-02-10T17:27:42.953Z”,”type”:”cve”,”title”:”Remote Code Execution on TP-Link Tapo C260 by Guest User”,”source”:”TPLink”,”references”:”https:\/\/www.tp-link.com\/us\/support\/download\/tapo-c260\/v1\/\\nhttps:\/\/www.tp-link.com\/en\/support\/download\/tapo-c260\/v1\/\\nhttps:\/\/www.tp-link.com\/us\/support\/faq\/4960\/”,”id”:”CVE-2026-0652″,”bulletinFamily”:””,”cwe”:[“CWE-78″],”cvelist”:null,”sourceData”:”TP-Link Systems Inc. Tapo C260 v1 0″,”sourceHref”:””,”cvss”:{“score”:8.7,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:L\/SI:L\/SA:L”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Tapo C260 v1″,”version”:”0″,”vendor”:”TP-Link Systems Inc.”,”ai_description”:”Command injection vulnerability in TP-Link Tapo C260 v1 due to improper sanitization in certain POST parameters during configuration synchronization, allowing an authenticated attacker to execute arbitrary system commands.”,”ai_severity”:”High”,”ai_vendor”:”TP-Link”,”ai_product”:”Tapo C260″,”ai_version”:”v1″,”ai_score”:8.7}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,19,12,15,13,7,11,5],"class_list":["post-40048","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-87","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n