CVE-2026-26418

Sažetak

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network.

Reference

https://github.com/aksalsalimi/CVE-2026-26418
https://github.com/aksalsalimi/cognix-recon-client-security-advisories
https://www.tcs.com/what-we-do/services/cognitive-business-operations/solution/cognix-platform-business-agility-enhanced-cx

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

10-03-2026 - 18:33

Objavljeno

05-03-2026 - 19:16