CVE-2026-26341 CRITICAL

CVE-2026-26341: Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

Vendor Tattile S.r.l.
Product Smart+
Weakness CWE-1392
Published February 24, 2026
Last update March 5, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.

Key dates

02Disclosure timeline

February 24, 2026 CVE published
March 5, 2026 Record updated