CVE-2026-26417 - Vulnerability Analysis
Last Updated: March 5, 2026
Tata Consultancy Services Cognix Recon Client - Broken Access Control
Published: March 5, 2026
Updated: March 5, 2026
PoC Available
Overview
Tata Consultancy Services Cognix Recon Client v3.0 contains a broken access control vulnerability caused by improper authorization in password reset functionality, letting authenticated users reset arbitrary user passwords via crafted requests.
Severity & Score
Severity: N/A
Impact
Authenticated users can reset passwords of any user, leading to account takeover and privilege escalation.
Mitigation
Update to the latest version with fixed password reset authorization.
Details
- CVE ID: CVE-2026-26417
- Severity: N/A
- Type: broken_access_control
- Status: unconfirmed
CVSS Metrics
N/A