CVE-2026-6241EPSS p5.8%

CVE-2026-6241CVE-2026-6241

Description

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory handling behavior. Successful exploitation may cause the ONVIF management service to crash, resulting in DoS condition that impacts normal device operation.

Scoring

EPSS0.16% probability of exploitation · percentile 5.8% · 2026-06-18T12:00:27Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-6242
CVE
CVE-2026-6239
CVE
CVE-2026-6240
CVE
CVE-2026-8714
CVE
CVE-2026-34121
CVE
CVE-2026-0652
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.