A vulnerability, which was classified as problematic, was found in TP-Link Kasa v4. This affects an unknown function of the component Web Management Service. Such manipulation leads to channel accessible by non-endpoint.

This vulnerability is listed as CVE-2026-9770. The attack may be performed from remote. There is no available exploit.