CVE-2026-26342 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiratio…
High CVSS: 8.7

CVE-2026-26342

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.
Vendor
Tattile
Product
Smart\+ Firmware
CWE
CWE-613
Yayın Tarihi
2026-02-24 20:27:48
Güncelleme
2026-02-27 03:10:51
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-613 Smart\+ Firmware HIGH Tattile 2026

Referanslar

https://www.tattile.com/ https://www.vulncheck.com/advisories/tattile-smart-vega-basic-insufficient-session-token-expiration https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5976.php