Primary

Context

TP-Link Tapo C260 Path Traversal Vulnerability

Vulnerability

A path traversal vulnerability has been identified in the TP-Link Tapo C260 v1 camera. This issue arises from improper handling of specific GET request paths over HTTPS, allowing local unauthenticated users to probe the filesystem and determine the existence of certain files on the device. However, this vulnerability does not permit reading, writing, or executing code.

Impact

Exploitation of this vulnerability could lead to unauthorized probing of the device's filesystem, allowing an attacker to determine the presence of specific files.

Remediation

Users are advised to update to the latest firmware version. Instructions for downloading the update are available on the TP-Link Tapo C260 v1 support page.

Added: Feb 10, 2026, 8:35 PM

Updated: Feb 11, 2026, 12:08 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.9

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.9

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TP-Link Tapo C260 Path Traversal Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating