Tp-link Tapo C260 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Tp-link Tapo C260 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-0652 — CVSS 8.8 (high): On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during…
CVE-2026-0651 — CVSS 7.8 (high): A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET…
CVE-2026-0653 — CVSS 6.5 (medium): On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests…