Vulnerability Description
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tattile | Smart\+ Firmware | <= 1.181.5 |
| Tattile | Smart\+ | - |
| Tattile | Tolling\+ Firmware | <= 1.181.5 |
| Tattile | Tolling\+ | - |
| Tattile | Smart\+ Speed Firmware | <= 1.181.5 |
| Tattile | Smart\+ Speed | - |
| Tattile | Smart\+ Traffic Light Firmware | <= 1.181.5 |
| Tattile | Smart\+ Traffic Light | - |
| Tattile | Axle Counter Firmware | <= 1.181.5 |
| Tattile | Axle Counter | - |
| Tattile | Vega53 Firmware | <= 1.181.5 |
| Tattile | Vega53 | - |
| Tattile | Vega33 Firmware | <= 1.181.5 |
| Tattile | Vega33 | - |
| Tattile | Vega11 Firmware | <= 1.181.5 |
| Tattile | Vega11 | - |
| Tattile | Basic Mk2 Firmware | <= 1.181.5 |
| Tattile | Basic Mk2 | - |
| Tattile | Anpr Mobile Firmware | <= 1.181.5 |
| Tattile | Anpr Mobile | - |
Related Weaknesses (CWE)
References
- https://www.tattile.com/Product
- https://www.vulncheck.com/advisories/tattile-smart-vega-basic-insufficient-sessi (VDB Entry, Vendor Advisory)
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5976.php (Vendor Advisory, Exploit)
FAQ
What is CVE-2026-26342?
CVE-2026-26342 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token...
How severe is CVE-2026-26342?
CVE-2026-26342 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-26342?
Check the references section above for vendor advisories and patch information. Affected products include: Tattile Smart\+ Firmware, Tattile Smart\+, Tattile Tolling\+ Firmware, Tattile Tolling\+, Tattile Smart\+ Speed Firmware.