Affected Vendors This Week
- Fortinet: 8 CVEs (4 High, 4 Medium)
- TP-Link: 4 CVEs (2 High, 2 Medium)
- Palo Alto Networks: 1 CVE (Unrated)
Critical Vulnerabilities
This week brings 13 new router and network appliance vulnerabilities, with 6 rated as High severity. Two vulnerabilities stand out at CVSS 8.8, warranting immediate attention from network administrators managing affected infrastructure.
TP-Link Tapo devices face the most urgent threats. CVE-2026-0652 (CVSS 8.8) is a command injection flaw in the Tapo C260 v1 that allows authenticated attackers to execute arbitrary commands through improperly sanitized POST parameters during configuration synchronization. CVE-2026-0651 (CVSS 7.8) compounds the problem with a path traversal vulnerability affecting the Tapo C260 v1, D235 v1, and C520WS v2.6—allowing attackers to access files outside intended directories via crafted GET requests. CVE-2026-0653 (CVSS 6.5) reveals a privilege escalation issue where guest-level users can bypass access controls on Tapo C260 v1 and D235 v1. Finally, CVE-2026-1571 (CVSS 6.1) is a reflected XSS vulnerability on the Archer C60 v3 that could allow script injection through malicious URLs.
Fortinet products dominate this week's volume with 8 CVEs. The most critical is CVE-2026-22153 (CVSS 8.1), an authentication bypass affecting FortiOS 7.6.0 through 7.6.4 that allows unauthenticated attackers to bypass LDAP authentication—a direct path to unauthorized network access. CVE-2025-52436 (CVSS 8.8) is a cross-site scripting (XSS) flaw in FortiSandbox 5.0.0–5.0.1 and 4.4.0+ that could enable session hijacking. CVE-2026-21743 (CVSS 7.2) affects multiple FortiAuthenticator versions (6.3–6.6.6) with missing authorization controls. Additionally, CVE-2025-64157 (CVSS 6.7), a format string vulnerability in FortiOS 7.6.0–7.6.4 and other versions, allows authenticated attackers to disclose sensitive information or crash services.
Palo Alto Networks: CVE-2026-0229 affects the Advanced DNS Security feature in PAN-OS, allowing unauthenticated attackers to trigger a denial-of-service condition.
Recommended Actions
- TP-Link administrators: Prioritize firmware updates for Tapo C260, D235, C520WS, and Archer C60 models. Audit logs for suspicious synchronization requests and path traversal attempts.
- Fortinet customers: Apply patches for FortiOS 7.6.x immediately, particularly for CVE-2026-22153. Review LDAP authentication logs for bypass attempts. Update FortiSandbox and FortiAuthenticator instances to patched versions.
- All environments: Deploy network segmentation to isolate vulnerable devices pending patching, and monitor for exploitation attempts targeting these CVE IDs.