Unauthenticated URL Redirection Vulnerability in Archer AX20 V2 by TP-Link
CVE-2026-10562

5.9MEDIUM

Key Information:

Vendor: Tp-link Systems Inc.
Status: Archer Ax20 V2.0
Vendor: CVE Published:; 30 June 2026

🔔 Create Tp-link Systems Inc. Vulnerability Alert

What is CVE-2026-10562?

A security issue has been identified in the Archer AX20 V2 router that allows for unauthenticated URL redirection due to inadequate validation of user-supplied URL input. Attackers can exploit this vulnerability by crafting malicious URLs with URL-encoded path traversal sequences. When these URLs are processed by the embedded web server, they may redirect users to external domains controlled by the attacker, posing a significant risk to network integrity and user safety.

Affected Version(s)

Archer AX20 V2.0 0

References

https://www.tp-link.com/en/support/download/archer-ax20/v...

patch

https://www.tp-link.com/en/support/faq/5156/

vendor-advisory

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Jun 1, 2026

Credit

VeyselXan (Cyb3rLynx)

CVE-2026-10562 Data

JSON