CVE-2026-24426 – Tenda AC7 Reflected XSS via Web Interface Output Encoding

CVE ID : CVE-2026-24426

Published : Feb. 3, 2026, 7:09 p.m. | 8 minutes ago

Description : Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser context.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…