CVE-2026-26341
Published: Feb 24, 2026
Modified: Mar 5, 2026
Description
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.
| Vendor | Product | Versions |
|---|---|---|
Tattile s.r.l. | Smart+ | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Tolling+ | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Smart+ Speed | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Smart+ Traffic Light | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Axle Counter | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Vega53 | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Vega33 | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Vega11 | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Basic MK2 | affected 0 - <= 1.181.5 |
Tattile s.r.l. | ANPR Mobile | affected 0 - <= 1.181.5 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now