πŸ” CVE Alert

CVE-2026-1571

UNKNOWN 0.0

Reflected XSS Vulnerability on TP-Link Archer C60

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL.Β An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended actions if a privileged user is targeted.

CWE CWE-79
Vendor tp-link systems inc.
Product archer c60 v3
Published Feb 11, 2026
Last Updated Mar 10, 2026
Stay Ahead of the Next One

Get instant alerts for tp-link systems inc. archer c60 v3

Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. archer c60 v3 are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

TP-Link Systems Inc. / Archer C60 v3
0 < V3_260206

References

NVD β†— CVE.org β†— EPSS Data β†—
tp-link.com: https://www.tp-link.com/en/support/download/archer-c60/#Firmware tp-link.com: https://www.tp-link.com/us/support/faq/4961/

Credits

Abdelrahman Khaled (@dabd0ub)