CVE-2026-26342 – Tattile Smart+ / Vega / Basic

CVE ID : CVE-2026-26342

Published : Feb. 24, 2026, 8:27 p.m. | 38 minutes ago

Description : Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…