CVE-2026-24426

UNKNOWN 0.0

Tenda AC7 Reflected XSS via Web Interface Output Encoding

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser context.

CWE	CWE-79
Vendor	shenzhen tenda technology co., ltd.
Product	tenda ac7
Published	Feb 3, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for shenzhen tenda technology co., ltd. tenda ac7

Be the first to know when new unknown vulnerabilities affecting shenzhen tenda technology co., ltd. tenda ac7 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Shenzhen Tenda Technology Co., Ltd. / Tenda AC7

0 ≤ 03.03.03.01_cn

References

NVD ↗ CVE.org ↗ EPSS Data ↗

tendacn.com: https://www.tendacn.com/product/AC7 vulncheck.com: https://www.vulncheck.com/advisories/tenda-ac7-reflected-xss-via-web-interface-output-encoding

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.