CVE-2026-26341

9.8 CRITICAL

📋 TL;DR

Tattile Smart+, Vega, and Basic device families ship with default administrative credentials that cannot be changed during initial setup. Attackers who can access the management interface can use these credentials to gain full administrative control, compromising device configuration and sensitive data. All organizations using affected firmware versions are vulnerable.

💻 Affected Systems

Products:
  • Tattile Smart+
  • Tattile Vega
  • Tattile Basic
Versions: 1.181.5 and prior
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with factory default configuration are vulnerable. The vulnerability exists because the installation process does not force credential changes.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover allowing attackers to reconfigure devices, exfiltrate sensitive data, disable security functions, or use devices as footholds into internal networks.

🟠

Likely Case

Unauthorized access to device management interfaces leading to configuration changes, data theft, or device disruption.

🟢

If Mitigated

Limited impact if devices are isolated from untrusted networks and default credentials were manually changed during deployment.

🌐 Internet-Facing: HIGH - Internet-exposed devices with default credentials are trivial to exploit.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires knowledge of the default credentials and network access to the management interface. No authentication bypass is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tattile.com/

Restart Required: No

Instructions:

No official patch available. Follow workarounds below.

🔧 Temporary Workarounds

Change Default Credentials

Applies to: all

Manually change all default administrative credentials on affected devices.

  • Log in to the device management interface
  • Navigate to the user/administrator settings
  • Change the default username and password to strong, unique credentials

Network Segmentation

Applies to: all

Isolate Tattile devices from untrusted networks and restrict access to the management interface.

  • Configure firewall rules to restrict access to device management ports
  • Place devices in a separate VLAN with strict access controls

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach device management interfaces
  • Monitor authentication logs for attempts using default credentials and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check whether the device firmware version is 1.181.5 or earlier, and test whether the default credentials still work on the management interface.

Check Version:

Check device web interface or console for firmware version information

Verify Fix Applied:

Verify that the default credentials no longer work and that strong, unique credentials are required to log in.

📡 Detection & Monitoring

Log Indicators:

  • Authentication attempts using default usernames
  • Multiple failed login attempts followed by successful login
  • Configuration changes from unexpected sources

Network Indicators:

  • Unusual traffic patterns to device management ports
  • Authentication requests from unexpected IP addresses

SIEM Query:

source="tattile_device" AND (event_type="authentication" AND (username="admin" OR username="root" OR username="administrator"))
