A vulnerability classified as critical was found in TP-Link Tapo C520WS v2 . This issue affects some unknown processing of the component ONVIF DeleteUsers Service . The manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-6240 . The attack may be launched remotely. There is no exploit available.