CVE-2026-26341

🚨 CRITICAL

Published

Feb 24, 2026

Last Modified

Feb 26, 2026

Views

Bookmarks

Description

Request Expert Review

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.

Affected Products (10)

tattile - smart\+_firmware

Version: *

tattile - tolling\+_firmware

Version: *

tattile - smart\+_speed_firmware

Version: *

tattile - smart\+_traffic_light_firmware

Version: *

tattile - axle_counter_firmware

Version: *

tattile - vega53_firmware

Version: *

tattile - vega33_firmware

Version: *

tattile - vega11_firmware

Version: *

tattile - basic_mk2_firmware

Version: *

tattile - anpr_mobile_firmware

Version: *

CVSS Scores

CVSS 3.1 9.8

9.8

CRITICAL

CVSS 2.0 9.8

References

www.tattile.com www.vulncheck.com www.zeroscience.mk

Additional Information

Source: disclosure@vulncheck.com
State: Analyzed

Related CVEs

CVE-2026-4111

HIGH

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path....

Score: 7.5

CVE-2026-4105

MEDIUM

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the clas...

Score: 6.7

CVE-2026-4063

MEDIUM

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in th...

Score: 4.3

CVE-2026-3986

MEDIUM

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and includin...

Score: 6.4

CVE-2026-3910

HIGH

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a...

Score: 8.8

CVE-2026-3909

HIGH

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTM...

Score: 8.8

Share CVE-2026-26341

Share on Social Media

Copy Link

Embed Code

HTML Embed (for websites/blogs)

Markdown (for GitHub/Discord)

Request Expert Analysis

Request a professional security analysis for CVE-2026-26341 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Priority Level

SLA Acceleration (50% faster delivery)

Add 3 credits for accelerated delivery

Additional Context (Optional)

Base Cost: 8 credits

Priority Upgrade: + credits

SLA Acceleration: +3 credits

Total Cost:

Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

CVE-2026-26341

Description

Affected Products (10)

tattile - smart\+_firmware

tattile - tolling\+_firmware

tattile - smart\+_speed_firmware

tattile - smart\+_traffic_light_firmware

tattile - axle_counter_firmware

tattile - vega53_firmware

tattile - vega33_firmware

tattile - vega11_firmware

tattile - basic_mk2_firmware

tattile - anpr_mobile_firmware

CVSS Scores

References

Additional Information

Related CVEs

CVE-2026-4111

CVE-2026-4105

CVE-2026-4063

CVE-2026-3986

CVE-2026-3910

CVE-2026-3909

Share CVE-2026-26341

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Credits System

Insufficient Credits

Report Analysis