Insufficient Authentication Token Expiration in Tattile Smart+ and Vega Device Firmware
CVE-2026-26342
Key Information:
- Vendor
Tattile S.r.l.
- Vendor
- CVE Published:
- 24 February 2026
Badges
What is CVE-2026-26342?
In the Tattile Smart+, Vega, and Basic device families, the firmware versions 1.181.5 and earlier include a significant security flaw: the authentication token (X-User-Token) lacks a proper expiration mechanism. This deficiency allows attackers to exploit valid tokens, which may be obtained through methods like interception, log exposure, or token reuse on shared systems. As a result, unauthorized users may gain prolonged access to the management interface and its functionalities, leading to potential data breaches and unauthorized manipulation of device settings.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
ANPR Mobile 0 <= 1.181.5
Axle Counter 0 <= 1.181.5
Basic MK2 0 <= 1.181.5
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved