Cognix Platform
CVE-2026-26416
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to escalate privileges across role boundaries via crafted requests.
AnalysisAI
Privilege escalation in Cognix Platform v3.0 permits authenticated users to bypass authorization controls and assume higher-privileged roles through specially crafted requests. This vulnerability affects all users with valid credentials and could allow attackers to gain unauthorized administrative access. No patch is currently available.
Technical ContextAI
Classified as CWE-269 (Improper Privilege Management). Affects the Tata Consultancy component of Cognix Platform. An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to escalate privileges across role boundaries via crafted requests.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Cognix Platform
View allCognix Platform's password reset function fails to properly validate user permissions, enabling authenticated attackers
Cognix Platform's web API lacks authentication and authorization controls, enabling unauthenticated remote attackers to
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today