cvedb.io
CVE-2026-26342
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2026-02-24T20:27:48.310 · Last modified 2026-06-17T10:26:07.880

Summary

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.

Affected products

tattile — smart\+_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when tattile ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.