A vulnerability classified as critical has been found in TP-Link Tapo C520WS v2 . This vulnerability affects unknown code of the component ONVIF CreateUsers Service . The manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-6239 . The attack may be initiated remotely. There is no available exploit.