Home / Vulnerability Intelligence / CVE-2026-4252

CVE-2026-4252 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 16, 2026

Published: March 16, 2026Updated: March 16, 2026Remote Exploitable

Overview

A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Severity & Score

Severity: Critical

CVSS Score: 9.8

References

https://vuldb.com/?id.351210
https://vuldb.com/?submit.771759
https://www.tenda.com.cn/
https://github.com/digitalandrew/tenda_ac8_v5/blob/main/poc_ipv6_auth_bypass.py
https://vuldb.com/?ctiid.351210

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-4252
Severity: Critical
CVSS Score: 9.8
Status: new

CWE

CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H