CVE-2026-26341CRITICAL 9.8EPSS p82.4%

CVE-2026-26341CVE-2026-26341

Description

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS2.46% probability of exploitation · percentile 82.4% · 2026-06-19T12:03:05Z
Published2026-02-24
Last modified2026-02-26

Underlying weaknesses· 1

CWE-1392

References

  1. https://www.tattile.com/
  2. https://www.vulncheck.com/advisories/tattile-smart-vega-basic-default-credentials
  3. https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.php

1

TypeTargetConfidenceTier
WeaknessUse of Default Credentialscwe-13920%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-26342
CVE
CVE-2026-25715
CVE
CVE-2026-35075
CVE
CVE-2026-26366
CVE
CVE-2026-27751
CVE
CVE-2026-24789
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.