CVE-2026-26340 — HIGH (7.5)

Q: How severe is CVE-2026-26340?

CVE-2026-26340 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-26340?

Check the references section above for vendor advisories and patch information. Affected products include: Tattile Smart\+ Firmware, Tattile Smart\+, Tattile Tolling\+ Firmware, Tattile Tolling\+, Tattile Smart\+ Speed Firmware.

Vulnerability Description

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Tattile	Smart\+ Firmware	<= 1.181.5
Tattile	Smart\+	-
Tattile	Tolling\+ Firmware	<= 1.181.5
Tattile	Tolling\+	-
Tattile	Smart\+ Speed Firmware	<= 1.181.5
Tattile	Smart\+ Speed	-
Tattile	Smart\+ Traffic Light Firmware	<= 1.181.5
Tattile	Smart\+ Traffic Light	-
Tattile	Axle Counter Firmware	<= 1.181.5
Tattile	Axle Counter	-
Tattile	Vega53 Firmware	<= 1.181.5
Tattile	Vega53	-
Tattile	Vega33 Firmware	<= 1.181.5
Tattile	Vega33	-
Tattile	Vega11 Firmware	<= 1.181.5
Tattile	Vega11	-
Tattile	Basic Mk2 Firmware	<= 1.181.5
Tattile	Basic Mk2	-
Tattile	Anpr Mobile Firmware	<= 1.181.5
Tattile	Anpr Mobile	-

Related Weaknesses (CWE)

CWE-306

References

https://www.tattile.com/Product
https://www.vulncheck.com/advisories/tattile-smart-vega-basic-unauthenticated-rtThird Party AdvisoryVDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5978.phpThird Party AdvisoryExploit

FAQ

What is CVE-2026-26340?

CVE-2026-26340 is a vulnerability with a CVSS score of 7.5 (HIGH). Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access l...

How severe is CVE-2026-26340?

CVE-2026-26340 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-26340?

Check the references section above for vendor advisories and patch information. Affected products include: Tattile Smart\+ Firmware, Tattile Smart\+, Tattile Tolling\+ Firmware, Tattile Tolling\+, Tattile Smart\+ Speed Firmware.