CVE-2026-5841

HIGH

A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

CVSS v3.1 Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Published: 4/9/2026Modified: 4/30/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (5)

https://github.com/MrXiaoFan/TendaVul/tree/main/tenda-i3-V1.0.0.6(2204)-R7WebsSecurityHandler-Authentication%20Bypass%20IssuesExploitThird Party Advisory https://vuldb.com/submit/789935Third Party AdvisoryVDB Entry https://vuldb.com/vuln/356297Third Party AdvisoryVDB Entry https://vuldb.com/vuln/356297/ctiPermissions RequiredVDB Entry https://www.tenda.com.cn/Product