CVE-2026-26342— Tattile Smart+ 代码问题漏洞

Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.

N/A

不充分的会话过期机制

Tattile Smart+ 代码问题漏洞

Tattile Smart+是意大利Tattile公司的一个智能车牌识别摄像机。 Tattile Smart+、Vega和Basic 1.181.5及之前版本存在代码问题漏洞，该漏洞源于身份验证令牌过期机制不足，可能导致攻击者在令牌被撤销前持续访问管理界面。

N/A

N/A