Security Advisory

CVE-2026-0655

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-02 17:39:20

Last updated 2026-03-02 19:21:36

Assigner TPLink

State PUBLISHED

Description

Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822.

← Browse all CVEs View on cve.org ↗