CVE-2026-26417

Published: Mar 5, 2026Modified: Mar 10, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests.

Affected (1)

Products: Tcs: Cognix Platform

Tcs

1 product

Cognix Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tcs Cognix Platform	Version 3.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://github.com/aksalsalimi/CVE-2026-26417

Source: cve@mitre.org

Third Party Advisory

https://github.com/aksalsalimi/cognix-recon-client-security-advisories

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.