CVE-2026-26342

🚨 CRITICAL

Published

Feb 24, 2026

Last Modified

Feb 27, 2026

Views

Bookmarks

Description

Request Expert Review

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.

Affected Products (10)

tattile - smart\+_firmware

Version: *

tattile - tolling\+_firmware

Version: *

tattile - smart\+_speed_firmware

Version: *

tattile - smart\+_traffic_light_firmware

Version: *

tattile - axle_counter_firmware

Version: *

tattile - vega53_firmware

Version: *

tattile - vega33_firmware

Version: *

tattile - vega11_firmware

Version: *

tattile - basic_mk2_firmware

Version: *

tattile - anpr_mobile_firmware

Version: *

CVSS Scores

CVSS 3.1 9.8

9.8

CRITICAL

CVSS 2.0 9.8

References

www.tattile.com www.vulncheck.com www.zeroscience.mk

Additional Information

Source: disclosure@vulncheck.com
State: Analyzed

Related CVEs

CVE-2026-4111

HIGH

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path....

Score: 7.5

CVE-2026-4105

MEDIUM

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the clas...

Score: 6.7

CVE-2026-4063

MEDIUM

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in th...

Score: 4.3

CVE-2026-3986

MEDIUM

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and includin...

Score: 6.4

CVE-2026-3910

HIGH

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a...

Score: 8.8

CVE-2026-3909

HIGH

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTM...

Score: 8.8

Share CVE-2026-26342

Share on Social Media

Copy Link

Embed Code

HTML Embed (for websites/blogs)

Markdown (for GitHub/Discord)

Request Expert Analysis

Request a professional security analysis for CVE-2026-26342 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Priority Level

SLA Acceleration (50% faster delivery)

Add 3 credits for accelerated delivery

Additional Context (Optional)

Base Cost: 8 credits

Priority Upgrade: + credits

SLA Acceleration: +3 credits

Total Cost:

Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

CVE-2026-26342

Description

Affected Products (10)

tattile - smart\+_firmware

tattile - tolling\+_firmware

tattile - smart\+_speed_firmware

tattile - smart\+_traffic_light_firmware

tattile - axle_counter_firmware

tattile - vega53_firmware

tattile - vega33_firmware

tattile - vega11_firmware

tattile - basic_mk2_firmware

tattile - anpr_mobile_firmware

CVSS Scores

References

Additional Information

Related CVEs

CVE-2026-4111

CVE-2026-4105

CVE-2026-4063

CVE-2026-3986

CVE-2026-3910

CVE-2026-3909

Share CVE-2026-26342

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Credits System

Insufficient Credits

Report Analysis