What is the CVSS score of CVE-2026-26340?

CVE-2026-26340 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.5%.

Which versions of Axle Counter Firmware are affected by CVE-2026-26340?

Tattile Smart+ surveillance devices (versions 1.181.5 and prior) are exposing live video streams to unauthenticated access, creating a critical security and privacy breach.

Is there a public PoC exploit available for CVE-2026-26340?

Yes, a public proof-of-concept exploit is available for CVE-2026-26340. Prioritise patching immediately. EPSS: 0.5%.

How to fix or mitigate CVE-2026-26340?

Within 24 hours: Identify all affected Tattile devices in your environment and document their network locations and footage sensitivity. Within 7 days: Implement network segmentation to restrict RTSP stream access to authorized systems only, and disable RTSP if not operationally required. Within 30 days: Contact Tattile for patch availability and establish a firmware update plan; monitor vendor advisories weekly for patch release and apply immediately upon availability.

Axle Counter Firmware CVE-2026-26340

HIGH

Missing Authentication for Critical Function (CWE-306)

2026-02-24 disclosure@vulncheck.com

Authentication Bypass Axle Counter Firmware Vega11 Firmware Vega53 Firmware Anpr Mobile Firmware Vega33 Firmware Basic Mk2 Firmware

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 26, 2026 - 17:38 vuln.today

Public exploit code

CVE Published

Feb 24, 2026 - 20:27 nvd

HIGH 7.5

DescriptionCVE.org

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data.

AnalysisAI

Unauthenticated RTSP stream access in multiple Tattile and Vega firmware versions allows remote attackers to view live video and audio feeds without credentials, exposing surveillance data across affected devices. Public exploit code exists for this vulnerability, which impacts Axle Counter, Vega11, Vega53, Vega33, and Anpr Mobile firmware lineups version 1.181.5 and earlier. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Connect to RTSP service port

Exploit

Request live video stream

Impact

Receive unencrypted surveillance data without credentials

Access

Connect to RTSP service port

Exploit

Request live video stream

Impact

Receive unencrypted surveillance data without credentials

Vulnerability AssessmentAI

Exploitation	Tattile Smart+, Vega, or Basic device families running firmware version 1.181.5 or earlier with RTSP service enabled and exposed on network. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.5 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker without authentication could exploit this flaw, unauthorized disclosure of surveillance data.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all affected Tattile devices in your environment and document their network locations and footage sensitivity. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-26340 vulnerability details – vuln.today

Back

Axle Counter Firmware CVE-2026-26340

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code