CVE-2026-27511 MEDIUM

CVE-2026-27511: Tenda F3 Clickjacking in Web Management Interface

Vendor Shenzhen Tenda Technology Co., Ltd.
Product Tenda F3
Weakness CWE-1021
Published February 23, 2026
Last update May 11, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Active
Confidentiality None
Integrity Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an authenticated administrator into unintended interactions that may result in unauthorized configuration changes.
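A defender-side check for the condition described above, as an added example that is not part of the CVE record or any vendor code: given the response headers of an administrative page, it reports whether a browser would refuse cross-origin framing. The sample header sets are constructed, and the check also evaluates the CSP `frame-ancestors` directive, which the record does not mention.

```python
PERMISSIVE = {"*", "http:", "https:"}  # sources that let any origin frame the page

def frame_ancestors(headers):
    """Collect frame-ancestors source lists from enforced CSP headers."""
    found = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue  # Report-Only policies are not enforced
        for policy in value.split(","):  # one header can carry several policies
            for directive in policy.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    found.append([t.lower() for t in tokens[1:]])
                    break  # later duplicates within a policy are ignored
    return found

def framing_verdict(headers):
    """headers: (name, value) pairs of one response -> (protected, reason)."""
    lists = frame_ancestors(headers)
    if lists:  # frame-ancestors supersedes X-Frame-Options where supported
        for sources in lists:
            if not any(s in PERMISSIVE for s in sources):
                return True, "CSP frame-ancestors " + (" ".join(sources) or "'none'")
        return False, "CSP frame-ancestors allows any origin"
    xfo = [v.strip().lower() for n, val in headers
           if n.lower() == "x-frame-options" for v in val.split(",")]
    if any(v in ("deny", "sameorigin") for v in xfo):
        return True, "X-Frame-Options " + ",".join(xfo)
    if xfo:
        return False, "X-Frame-Options value not honoured: " + ",".join(xfo)
    return False, "no X-Frame-Options or frame-ancestors header"

# Constructed sample responses (not captured from a device).
MISSING = [("Content-Type", "text/html"), ("Cache-Control", "no-cache")]
HARDENED = [("X-Frame-Options", "DENY"),
            ("Content-Security-Policy", "frame-ancestors 'none'")]
OBSOLETE = [("X-Frame-Options", "ALLOW-FROM https://example.com")]

if __name__ == "__main__":
    for label, hdrs in (("missing", MISSING), ("hardened", HARDENED), ("obsolete", OBSOLETE)):
        print(label, framing_verdict(hdrs))
```

The `OBSOLETE` case is reported as unprotected because current browsers ignore `ALLOW-FROM`, so a response carrying only that value is as framable as one with no header at all.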

Key dates

02 Disclosure timeline

February 23, 2026 CVE published
May 11, 2026 Record updated