CVE-2026-26341
Default Credentials in Tattile Firmware Allow Unauthorized Admin Access
Publication date: 2026-02-24
Last updated on: 2026-02-26
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Affected Versions |
|---|---|---|
| tattile | smart+_firmware | up to and including 1.181.5 |
| tattile | tolling+_firmware | up to and including 1.181.5 |
| tattile | smart+_speed_firmware | up to and including 1.181.5 |
| tattile | smart+_traffic_light_firmware | up to and including 1.181.5 |
| tattile | axle_counter_firmware | up to and including 1.181.5 |
| tattile | vega53_firmware | up to and including 1.181.5 |
| tattile | vega33_firmware | up to and including 1.181.5 |
| tattile | vega11_firmware | up to and including 1.181.5 |
| tattile | basic_mk2_firmware | up to and including 1.181.5 |
| tattile | anpr_mobile_firmware | up to and including 1.181.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1392 | The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-26341 affects Tattile Smart+, Vega, and Basic device families with firmware versions 1.181.5 and earlier. These devices ship with default credentials that are not required to be changed during installation or commissioning.
An attacker who can access the management interface can authenticate using these default credentials and gain administrative access. This unauthorized access enables the attacker to modify device configurations and access sensitive data.
The vulnerability is classified under CWE-1392 (Use of Default Credentials) and has a critical severity rating with a CVSS v4 score of 9.3.
How can this vulnerability impact me?
This vulnerability allows an attacker to gain unauthorized administrative access to affected Tattile devices by using default credentials. Potential impacts include:
- Unauthorized modification of device configurations.
- Access to sensitive data stored or processed by the device.
- Potential denial of service (DoS) attacks against the device.
Because the attack requires no privileges or user interaction and can be performed remotely over the network, the risk is high.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether Tattile Smart+, Vega, or Basic devices with firmware version 1.181.5 or earlier are present on your network and whether their management interfaces are accessible.
Since the vulnerability involves default credentials that are not changed, one detection method is to attempt authentication to the management interface using the known default credentials.
Network scanning tools can be used to identify devices running the lighttpd web server version 1.4.64, which is used by the affected devices.
Suggested commands include using tools like nmap to scan for open management ports and identify the device type, for example:
- `nmap -p 80,443 --script http-title <target-ip>`
- `curl -I http://<target-ip>/` to check the web server headers for lighttpd 1.4.64
After identifying the device, attempt to log in using the default credentials documented in the proof-of-concept file "tattile_creds.txt" to verify whether the device is vulnerable. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include changing the default credentials on all affected Tattile devices to strong, unique passwords to prevent unauthorized access.
Restrict network access to the management interfaces of these devices by implementing firewall rules or network segmentation to limit exposure.
Monitor device logs and network traffic for any unauthorized access attempts.
Plan to apply vendor patches when they become available; Tattile has planned patches for May 2026 (week 19) that address this and related vulnerabilities.