CVE-2026-6240 · EPSS p7.8%

Description

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers to overflow stack memory. Successful exploitation may result in a service crash or deadlock, leading to DoS affecting device management and monitoring functionality.

Scoring

EPSS: 0.18% probability of exploitation · percentile 7.8% · 2026-06-18T12:00:27Z
Last modified: 2026-06-08

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-6239
CVE-2026-6241
CVE-2026-1871
CVE-2026-6242
CVE-2026-8714
CVE-2026-34123

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.