ГлавнаяУязвимости → CVE-2026-26342
9.8критическая

CVE-2026-26342

Описание

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.

Затрагиваемое ПО
Tattile Smart\+ firmwareTattile Smart\+Tattile Tolling\+ firmwareTattile Tolling\+Tattile Smart\+ speed firmwareTattile Smart\+ speedTattile Smart\+ traffic light firmwareTattile Smart\+ traffic lightTattile Axle counter firmwareTattile Axle counterTattile Vega53 firmwareTattile Vega53Tattile Vega33 firmwareTattile Vega33Tattile Vega11 firmwareTattile Vega11Tattile Basic mk2 firmwareTattile Basic mk2Tattile Anpr mobile firmwareTattile Anpr mobile
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.tattile.com/https://www.vulncheck.com/advisories/tattile-smart-vega-basic-insufficient-session-token-expirationhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5976.php