LeakyCreds

CVE-2026-26417 - Vulnerability Analysis

High | CVSS: 8.1

Last Updated: March 6, 2026

Tata Consultancy Services Cognix Recon Client - Broken Access Control

Published: March 5, 2026 | Updated: March 6, 2026 | PoC Available | Remote Exploitable

Overview

Tata Consultancy Services Cognix Recon Client v3.0 contains a broken access control vulnerability caused by improper authorization in password reset functionality, letting authenticated users reset arbitrary user passwords via crafted requests.

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 2.7% (Probability of exploitation in next 30 days)

Impact

Authenticated users can reset passwords of any user, leading to account takeover and privilege escalation.

Mitigation

Update to the latest version with fixed password reset authorization.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 8, 2026

🟠 CVE-2026-26417 - High (8.1) A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26417/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-26417
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: unconfirmed
EPSS: 2.7%
Social Posts: 1

CWE

  • CWE-284

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

2.7% (Probability of exploitation in the next 30 days)