CVE-2026-5152
Published: 30 March 2026
Summary
CVE-2026-5152 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ch22 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 9.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Remediating the stack-based buffer overflow in the formCreateFileName function via vendor firmware patches directly eliminates CVE-2026-5152 exploitation.
Validating the length and format of the fileNameMit argument prevents oversized inputs from triggering the stack buffer overflow in /goform/createFileName.
Stack canaries, ASLR, and non-executable memory protections block arbitrary code execution from the stack-based buffer overflow in CVE-2026-5152.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in public web form handler (/goform/createFileName) directly enables remote exploitation of a public-facing application for arbitrary code execution.
NVD Description
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public…
more
and may be used.
Deeper analysisAI
CVE-2026-5152 is a stack-based buffer overflow vulnerability affecting Tenda CH22 firmware version 1.0.0.1. The flaw resides in the formCreateFileName function within the /goform/createFileName file, where manipulation of the fileNameMit argument triggers the overflow. It is associated with CWEs-119, CWE-121, and CWE-787, and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation by an attacker possessing low privileges, with low attack complexity and no requirement for user interaction. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.
Advisories and references, including those on VulDB (https://vuldb.com/vuln/354184) and a public exploit repository (https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_50/README.md), detail the issue, while the vendor site (https://www.tenda.com.cn/) should be consulted for any patches or mitigation guidance. The exploit is publicly available and may be actively used.
Details
- CWE(s)