CVE-2026-26418 - Vulnerability Analysis

Overview

Tata Consultancy Services Cognix Recon Client v3.0 contains a broken access control caused by missing authentication and authorization in the web API, letting remote attackers access application functionality without restriction, exploit requires network access.

Severity & Score

Impact

Remote attackers can access application functionality without restriction, potentially leading to unauthorized data access or manipulation.

Mitigation

Update to the latest version with proper authentication and authorization implemented.

References

• https://github.com/aksalsalimi/CVE-2026-26418
• https://github.com/aksalsalimi/cognix-recon-client-security-advisories
• https://www.tcs.com/what-we-do/services/cognitive-business-operations/solution/cognix-platform-business-agility-enhanced-cx

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 8, 2026

🟠 CVE-2026-26418 - High (7.5) Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26418/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

GitHub Repositories(1 repo)

• https://github.com/aksalsalimi/CVE-2026-26418

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner