CVE-2026-26417 HIGH 8.1 EPSS p19.0%

Description

A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.27% probability of exploitation · percentile 19.0% · 2026-06-19T12:03:05Z
Published: 2026-03-05
Last modified: 2026-03-10

Underlying weaknesses · 1

CWE-284

References

  1. https://github.com/aksalsalimi/CVE-2026-26417
  2. https://github.com/aksalsalimi/cognix-recon-client-security-advisories

Type      Target                           Confidence  Tier
Weakness  Improper Access Control cwe-284  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-26416
CVE-2026-1670
CVE-2026-25654
CVE-2025-48986
CVE-2025-63314
CVE-2026-32865

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.