CVE-2026-26340
Published: Feb 24, 2026
Modified: Mar 5, 2026
Description
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data.
| Vendor | Product | Versions |
|---|---|---|
Tattile s.r.l. | Smart+ | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Tolling+ | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Smart+ Speed | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Smart+ Traffic Light | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Axle Counter | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Vega53 | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Vega33 | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Vega11 | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Basic MK2 | affected 0 - <= 1.181.5 |
Tattile s.r.l. | ANPR Mobile | affected 0 - <= 1.181.5 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now