Clickjacking Vulnerability in Tenda F3 Wireless Router Firmware
CVE-2026-27511

5.1MEDIUM

Key Information:

Vendor: Shenzhen Tenda Technology Co., Ltd.
Status: Tenda F3
Vendor: CVE Published:; 23 February 2026

🔔 Create Shenzhen Tenda Technology Co., Ltd. Vulnerability Alert

What is CVE-2026-27511?

The Tenda F3 Wireless Router firmware version V12.01.01.55_multi has a vulnerability in its web-based administrative interface that lacks the X-Frame-Options header. This oversight allows an attacker to embed the administrative pages within an iframe on a malicious website. As a result, an unsuspecting authenticated administrator could be manipulated into performing unintended actions, which can lead to unauthorized modifications to the router's configuration settings.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Tenda F3 0 <= 12.01.01.55_multi

References

https://www.tendacn.com/product/F3

product

https://www.vulncheck.com/advisories/tenda-f3-clickjackin...

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 23, 2026
Vulnerability Reserved
Feb 19, 2026

Credit

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.

JSON

Shenzhen Tenda Technology Co., Ltd.

What is CVE-2026-27511?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.