TP-Link Omada Cloud Controllers Cross-Origin Access Control Bypass Vulnerability

Vulnerability

A permissive web security configuration in TP-Link Omada cloud controllers prior to version 4.25.25 may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could lead to the unauthorized disclosure of sensitive information.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of sensitive information.

Remediation

Users with affected Omada Cloud deployments do not need to take any action, as updates are automatically applied to the cloud environment once validated by TP-Link.

Added: Feb 13, 2026, 3:33 AM
Updated: Feb 13, 2026, 3:33 AM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.9
exploitability: 5.0
remediation: 7.7
relevance: 3.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.