CVE-2026-26418

Published: Mar 5, 2026Modified: Mar 10, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network.

Affected (1)

Products: Tcs: Cognix Platform

Tcs

1 product

Cognix Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tcs Cognix Platform	Version 3.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

https://github.com/aksalsalimi/CVE-2026-26418

Source: cve@mitre.org

Third Party Advisory

https://github.com/aksalsalimi/cognix-recon-client-security-advisories

Source: cve@mitre.org

Third Party Advisory

https://www.tcs.com/what-we-do/services/cognitive-business-operations/solution/cognix-platform-business-agility-enhanced-cx

Source: cve@mitre.org

Product

Timeline

No history available yet.