Cognix Platform
CVE-2026-26418
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network.
AnalysisAI
Cognix Platform's web API lacks authentication and authorization controls, enabling unauthenticated remote attackers to access restricted application functionality over the network. This vulnerability affects Tata Consultancy Services Cognix Recon Client v3.0 and poses a high risk due to its ease of exploitation and lack of authentication requirements. No patch is currently available.
Technical ContextAI
Classified as CWE-284 (Improper Access Control). Affects the web API of Tata Consultancy component of Cognix Platform. Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Cognix Platform
View allPrivilege escalation in Cognix Platform v3.0 permits authenticated users to bypass authorization controls and assume hig
Cognix Platform's password reset function fails to properly validate user permissions, enabling authenticated attackers
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today