PT-2026-21790 · Tattile · Basic+2

Gjoko Krstic · Published 2026-02-24 · Updated 2026-02-27 · CVE-2026-26342

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Tattile Smart+, Vega, and Basic device families versions 1.181.5 and prior

Description

The affected devices implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token, for example through interception, log exposure, or token reuse on a shared system, can continue to authenticate to the management interface until the token is revoked. This enables unauthorized access to device functions and data.

Recommendations

Versions prior to 1.181.5 should be updated.

Exploit

Fix

Insufficient Session Expiration

Weakness Enumeration

Related Identifiers

CVE-2026-26342

Affected Products

Basic
Tattile Smart+
Vega