CVE-2026-5526: Tenda 4G03 Pro Router Flaw Exposes Millions of Devices to Attack
A newly disclosed vulnerability, CVE-2026-5526, has put millions of Tenda 4G03 Pro routers at risk. The flaw, rated 6.9 (MEDIUM) on the CVSS v4 scale, affects multiple firmware versions of the popular consumer and small business networking device. This discovery signals a persistent and critical weakness in the global supply chain of internet-connected hardware, where outdated or poorly secured firmware creates a vast, exploitable attack surface for malicious actors.
The vulnerability resides in Tenda 4G03 Pro routers running firmware versions up to 1.0, 1.1, 04.03.01.53, and those accessible via the common default gateway 192.168.0.1. While the full technical details of the exploit are still emerging, the assignment of a CVE identifier and a CVSS score indicates a confirmed, specific security flaw that could allow unauthorized access or control. The extremely low Exploit Prediction Scoring System (EPSS) score of 0.05% suggests the flaw is not yet under widespread active attack, but this provides only a narrow window for mitigation before exploit code potentially proliferates.
This incident highlights the systemic risk posed by mass-produced, internet-facing devices from manufacturers like Tenda. Home offices, small businesses, and remote workers relying on this hardware are now on the clock to patch or replace vulnerable units. The vulnerability joins other historical CVEs from the same daily report, including a high-severity flaw in Wikipedia 12.0 (CVE-2018-25246) and a medium-severity issue in Nodcms (CVE-2016-20054), underscoring a continuous pipeline of software and firmware defects that require vigilant monitoring and prompt action from system administrators and security teams worldwide.