CVE-2026-1668 — CRITICAL (9.8)

Q: How severe is CVE-2026-1668?

CVE-2026-1668 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2026-1668?

Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Omada Sg2005P-Pd Firmware, Tp-Link Omada Sg2005P-Pd, Tp-Link Omada Sg2008 Firmware, Tp-Link Omada Sg2008, Tp-Link Omada Sg2008P Firmware.

Vulnerability Description

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tp-Link	Omada Sg2005P-Pd Firmware	>= 1.0.0, < 1.0.19
Tp-Link	Omada Sg2005P-Pd	-
Tp-Link	Omada Sg2008 Firmware	>= 4.20.0, < 4.20.17
Tp-Link	Omada Sg2008	-
Tp-Link	Omada Sg2008P Firmware	>= 3.20.0, < 3.20.17
Tp-Link	Omada Sg2008P	-
Tp-Link	Omada Sg2016P Firmware	>= 1.20.0, < 1.20.17
Tp-Link	Omada Sg2016P	-
Tp-Link	Omada Sg2210Mp Firmware	>= 4.20.0, < 4.20.18
Tp-Link	Omada Sg2210Mp	-
Tp-Link	Omada Sg2210P Firmware	>= 5.20.0, < 5.20.18
Tp-Link	Omada Sg2210P	-
Tp-Link	Omada Sg2210Xmp-M2 Firmware	>= 1.0.0, < 1.0.19
Tp-Link	Omada Sg2210Xmp-M2	-
Tp-Link	Omada Sg2218 Firmware	>= 1.20.0, < 1.20.17
Tp-Link	Omada Sg2218	-
Tp-Link	Omada Sg2218P Firmware	>= 1.20.0, < 1.20.17
Tp-Link	Omada Sg2218P	-
Tp-Link	Omada Sg2428Lp Firmware	>= 1.0.0, < 1.0.13
Tp-Link	Omada Sg2428Lp	-

Related Weaknesses (CWE)

CWE-20 CWE-787

References

https://support.omadanetworks.com/au/download/firmware/Product
https://support.omadanetworks.com/en/download/firmware/Product
https://support.omadanetworks.com/us/document/118794/Vendor Advisory
https://support.omadanetworks.com/us/product/Product

FAQ

What is CVE-2026-1668?

CVE-2026-1668 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific condit...

How severe is CVE-2026-1668?

CVE-2026-1668 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-1668?

Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Omada Sg2005P-Pd Firmware, Tp-Link Omada Sg2005P-Pd, Tp-Link Omada Sg2008 Firmware, Tp-Link Omada Sg2008, Tp-Link Omada Sg2008P Firmware.