{"id":76850,"date":"2026-02-10T20:57:51","date_gmt":"2026-02-10T17:27:51","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-0651-path-traversal-on-tp-link-tapo-d235-and-c260-via-local-https\/"},"modified":"2026-02-10T20:57:51","modified_gmt":"2026-02-10T17:27:51","slug":"cve-2026-0651-path-traversal-on-tp-link-tapo-d235-and-c260-via-local-https","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-0651-path-traversal-on-tp-link-tapo-d235-and-c260-via-local-https\/","title":{"rendered":"CVE-2026-0651 &#8211; Path Traversal on TP-Link Tapo D235 and C260 via Local https"},"content":{"rendered":"<p>CVE ID : CVE-2026-0651<\/p>\n<p>Published :  Feb. 10, 2026, 5:27 p.m. | 54\u00a0minutes ago<\/p>\n<p>Description : On TP-Link Tapo C260 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacker on the local network can determine whether certain files exists on the device, with no read, write or code execution possibilities.<\/p>\n<p>Severity: 5.3 | MEDIUM<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2026-0651 Published : Feb. 10, 2026, 5:27 p.m. | 54\u00a0minutes ago Description : On TP-Link Tapo C260 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacker on the local network can determine whether certain files exists &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-76850","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/76850","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=76850"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/76850\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=76850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=76850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=76850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}