CVE-2026-13230

Severity CVSS v4.0:
MEDIUM
Type:
CWE-200 Information Leak / Disclosure
Publication date:
15/07/2026
Last modified:
15/07/2026

Description

An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes<br /> sensitive geolocation information without requiring authentication. This issue<br /> allows an attacker on the same local network to retrieve geolocation-related<br /> data through crafted responses.<br /> <br /> The<br /> vulnerability impacts confidentiality only, with no evidence of integrity of<br /> availability impact.