CVE-2026-0651
CVE-2026-0651 is a path traversal vulnerability in TP-Link Tapo C260 v1, D235 v1, and C520WS v2.6 where the HTTP server mishandles GET paths: it normalizes paths, but if decoding of URL-encoded input fails it falls back to the raw path, enabling crafted URL-encoded traversal sequences to escape t...