Which versions of TP-Link Tapo Camera are affected by CVE-2026-0918?

CVE-2026-0918 affects TP-Link Tapo C220 v1 and C520WS v2 network cameras, enabling adjacent attackers to repeatedly crash the HTTP service and sustain denial of service despite automatic restarts.

TP-Link Tapo Camera CVE-2026-0918

Q: What is the CVSS score of CVE-2026-0918?

CVE-2026-0918 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

HIGH

NULL Pointer Dereference (CWE-476)

2026-01-27 f23511db-6c3e-4e32-a477-6aa17d310630

Denial Of Service Null Pointer Dereference

7.1

CVSS 4.0

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 29, 2026 - 01:58 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 29, 2026 - 01:43 vuln.today

cvss_changed

CVSS changed

Apr 29, 2026 - 01:43 NVD

7.5 (HIGH) 7.1 (HIGH)

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Jan 27, 2026 - 18:15 nvd

HIGH 7.5

DescriptionNVD

The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can repeatedly crash the service, causing temporary denial of service. The device restarts automatically, and repeated requests can keep it unavailable.

AnalysisAI

Null pointer dereference in TP-Link Tapo C220 v1 and C520WS v2 cameras allows adjacent network attackers to crash the HTTP service via malformed POST requests with excessive Content-Length headers. Attackers can sustain denial of service through repeated crashes despite automatic device restarts. …

RemediationAI

Within 24 hours: Inventory all TP-Link Tapo C220 v1 and C520WS v2 devices in your environment and isolate affected cameras to segmented networks with strict access controls. Within 7 days: Implement network-level mitigations by restricting POST requests to the camera HTTP service and deploying rate limiting on requests with excessive Content-Length headers. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-0918 vulnerability details – vuln.today

Back

TP-Link Tapo Camera CVE-2026-0918

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

TP-Link Tapo Camera CVE-2026-0918

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code