Home / Vulnerability Intelligence / CVE-2026-26418

CVE-2026-26418 - Vulnerability Analysis

N/a

Last Updated: March 5, 2026

Tata Consultancy Services Cognix Recon Client - Broken Access Control

Published: March 5, 2026Updated: March 5, 2026PoC Available

Overview

Tata Consultancy Services Cognix Recon Client v3.0 contains a broken access control caused by missing authentication and authorization in the web API, letting remote attackers access application functionality without restriction, exploit requires network access.

Severity & Score

Severity: N/a

Impact

Remote attackers can access application functionality without restriction, potentially leading to unauthorized data access or manipulation.

Mitigation

Update to the latest version with proper authentication and authorization implemented.

References

https://github.com/aksalsalimi/cognix-recon-client-security-advisories
https://www.tcs.com/what-we-do/services/cognitive-business-operations/solution/cognix-platform-business-agility-enhanced-cx
https://github.com/aksalsalimi/CVE-2026-26418

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-26418
Severity: N/a
Type: broken_access_control
Status: unconfirmed

CVSS Metrics

N/A