NVD HIGH: CVE-2026-6024 — A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue...

Friday, April 10, 2026 at 06:16 AM UTC·Source: NIST NVD

Updated: Thursday, April 16, 2026 at 11:17 AM UTC

Executive Summary

A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Analysis

Indicators of Compromise (2)

CVE (1)

CVE-2026-6024

NVD MITRE CVE

IPv4 (1)

1.0.0.7

VirusTotal Shodan AbuseIPDB

Source Attribution

Originally published by NIST NVD on Apr 10, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Friday Squid Blogging: New Giant Squid Video

Pretty fantastic video from Japan of a giant squid eating another squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

Apr 17, 2026Schneier on Security

MEDIUMVulnerability

How NIST's Cutback of CVE Handling Impacts Cyber Teams

Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.

Apr 17, 2026Dark Reading

CRITICALVulnerability

NVD CRITICAL: CVE-2026-40525 — OpenViking prior to commit c7bb167 contains an authentication bypass vulnerabili...

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke privileged bot-control functionality without providing a valid X-API-Key header, including submitting at

CVE-2026-40525

Apr 17, 2026NIST NVD