CVE-2026-26341
Received Received - Intake
Default Credentials in Tattile Firmware Allow Unauthorized Admin Access

Publication date: 2026-02-24

Last updated on: 2026-02-26

Assigner: VulnCheck

Description
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-14
NVD
CVE-2026-26341
EUVD
EUVD-2026-8551
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
tattile smart+_firmware to 1.181.5 (inc)
tattile tolling+_firmware to 1.181.5 (inc)
tattile smart+_speed_firmware to 1.181.5 (inc)
tattile smart+_traffic_light_firmware to 1.181.5 (inc)
tattile axle_counter_firmware to 1.181.5 (inc)
tattile vega53_firmware to 1.181.5 (inc)
tattile vega33_firmware to 1.181.5 (inc)
tattile vega11_firmware to 1.181.5 (inc)
tattile basic_mk2_firmware to 1.181.5 (inc)
tattile anpr_mobile_firmware to 1.181.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-26341 affects Tattile Smart+, Vega, and Basic device families with firmware versions 1.181.5 and earlier. These devices ship with default credentials that are not required to be changed during installation or commissioning.

An attacker who can access the management interface can authenticate using these default credentials and gain administrative access. This unauthorized access enables the attacker to modify device configurations and access sensitive data.

The vulnerability is classified under CWE-1392 (Use of Default Credentials) and has a critical severity rating with a CVSS v4 score of 9.3.

Impact Analysis

This vulnerability allows an attacker to gain unauthorized administrative access to affected Tattile devices by using default credentials.

  • Unauthorized modification of device configurations.
  • Access to sensitive data stored or processed by the device.
  • Potential denial of service (DoS) attacks against the device.

Because the attack requires no privileges or user interaction and can be performed remotely over the network, the risk is high.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if Tattile Smart+, Vega, or Basic devices with firmware version 1.181.5 or earlier are present on your network and if their management interfaces are accessible.'}, {'type': 'paragraph', 'content': 'Since the vulnerability involves default credentials that are not changed, one detection method is to attempt authentication to the management interface using known default credentials.'}, {'type': 'paragraph', 'content': 'Network scanning tools can be used to identify devices running the lighttpd web server version 1.4.64, which is used by the affected devices.'}, {'type': 'paragraph', 'content': 'Suggested commands include using tools like nmap to scan for open management ports and identify the device type, for example:'}, {'type': 'list_item', 'content': 'nmap -p 80,443 --script http-title <target-ip>'}, {'type': 'list_item', 'content': 'curl -I http://<target-ip>/ to check the web server headers for lighttpd 1.4.64'}, {'type': 'paragraph', 'content': 'After identifying the device, attempt to log in using the default credentials documented in the proof of concept file "tattile_creds.txt" to verify if the device is vulnerable.'}] [1, 2]

Mitigation Strategies

Immediate mitigation steps include changing the default credentials on all affected Tattile devices to strong, unique passwords to prevent unauthorized access.

Restrict network access to the management interfaces of these devices by implementing firewall rules or network segmentation to limit exposure.

Monitor device logs and network traffic for any unauthorized access attempts.

Plan to apply vendor patches when they become available; Tattile has planned patches for May 2026 (week 19) that address this and related vulnerabilities.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26341. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart