CVE-2026-26342
Published: Feb 24, 2026
Modified: Mar 5, 2026
Description
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.
| Vendor | Product | Versions |
|---|---|---|
Tattile s.r.l. | Smart+ | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Tolling+ | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Smart+ Speed | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Smart+ Traffic Light | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Axle Counter | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Vega53 | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Vega33 | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Vega11 | affected 0 - <= 1.181.5 |
Tattile s.r.l. | Basic MK2 | affected 0 - <= 1.181.5 |
Tattile s.r.l. | ANPR Mobile | affected 0 - <= 1.181.5 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now