CVE-2026-4252CRITICAL 9.8EPSS p65.8%

CVE-2026-4252CVE-2026-4252

Description

A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS1.26% probability of exploitation · percentile 65.8% · 2026-06-19T12:03:05Z
Published2026-03-16
Last modified2026-04-03

Underlying weaknesses· 2

CWE-287CWE-291

References

  1. https://github.com/digitalandrew/tenda_ac8_v5/blob/main/poc_ipv6_auth_bypass.py
  2. https://vuldb.com/?ctiid.351210
  3. https://vuldb.com/?id.351210
  4. https://vuldb.com/?submit.771759
  5. https://www.tenda.com.cn/

2

TypeTargetConfidenceTier
WeaknessImproper Authenticationcwe-2870%live
WeaknessReliance on IP Address for Authenticationcwe-2910%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-4254
CVE
CVE-2026-8263
CVE
CVE-2026-8264
CVE
CVE-2025-1853
CVE
CVE-2025-24322
CVE
CVE-2025-27129
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.