Vulnerability Details CVE-2026-0655
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.6%
CVSS Severity
CVSS v3 Score 8.0
References
Products affected by CVE-2026-0655
-
cpe:2.3:h:tp-link:deco_be25:1.0
-
cpe:2.3:o:tp-link:deco_be25_firmware:*