{"cve_id":"CVE-2026-2191","summary":"A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.","cvss":7.2,"cvss_version":3.0,"cvss_v2":8.3,"cvss_v3":7.2,"epss":0.00139,"ranking_epss":0.34142,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda3.md","https://vuldb.com/?ctiid.344894","https://vuldb.com/?id.344894","https://vuldb.com/?submit.749800","https://www.tenda.com.cn/"],"published_time":"2026-02-08T23:15:49","cpes":["cpe:2.3:h:tenda:ac9:-","cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi"]}