Home / Vulnerability Intelligence / CVE-2026-4252

CVE-2026-4252 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 17, 2026

Tenda AC8 - Authentication Bypass

Published: March 16, 2026Updated: March 17, 2026Remote Exploitable

Overview

Tenda AC8 16.03.50.11 contains a broken authentication caused by reliance on IP address for authentication in the IPv6 Handler component, letting remote attackers bypass authentication, exploit requires no special conditions.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 13.6%(Probability of exploitation in next 30 days)

Impact

Remote attackers can bypass authentication, potentially gaining unauthorized access to the device.

Mitigation

Update to the latest version.

References

Social Media Activity(1 post)

Offensive Sequence

@offseq

Mar 17, 2026

🚩 CRITICAL: CVE-2026-4252 impacts Tenda AC8 (16.03.50.11). IP-based auth in IPv6 Handler lets remote attackers bypass login. Exploit is public. Disable remote mgmt, restrict access, monitor traffic. Details: https://radar.offseq.com/threat/cve-2026-4252-reliance-on-ip-address-for-authentic-a9de4650 #OffSeq #CVE #RouterSecurity #Infosec

View original post

Related Resources

Details

CVE ID: CVE-2026-4252
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: unconfirmed
EPSS: 13.6%
Social Posts: 1

CWE

CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

13.6%Probability of exploitation in the next 30 days