{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T16:45:54.272","vulnerabilities":[{"cve":{"id":"CVE-2026-26340","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-02-24T20:27:47.793","lastModified":"2026-02-26T17:38:44.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data."},{"lang":"es","value":"Las versiones de firmware 1.181.5 y anteriores de las familias de dispositivos Tattile Smart+, Vega y Basic exponen flujos RTSP sin requerir autenticación. Un atacante remoto puede conectarse al servicio RTSP y acceder a flujos de video/audio en vivo sin credenciales válidas, lo que resulta en la divulgación no autorizada de datos de vigilancia."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tattile:smart\\+_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.181.5","matchCriteriaId":"75DF648A-23A7-4CD7-A7AA-EC4E5041C11A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tattile:smart\\+:-:*:*:*:*:*:*:*","matchCriteriaId":"B19D09F0-9D90-4D42-8866-351C464B45BC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tattile:tolling\\+_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.181.5","matchCriteriaId":"7CC79296-730F-40BF-A4CC-CB711452BFCF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tattile:tolling\\+:-:*:*:*:*:*:*:*","matchCriteriaId":"7085AB6F-B3A7-48B3-996A-DF842B2D7217"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tattile:smart\\+_speed_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.181.5","matchCriteriaId":"6FCA661E-7976-4F6A-A79E-FFC3355C4A90"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tattile:smart\\+_speed:-:*:*:*:*:*:*:*","matchCriteriaId":"F3DE404C-063D-4775-9C8B-972D5C34B128"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tattile:smart\\+_traffic_light_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.181.5","matchCriteriaId":"83B0F41B-E7F4-4D72-B041-A27AC19EF8BA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tattile:smart\\+_traffic_light:-:*:*:*:*:*:*:*","matchCriteriaId":"9648971C-A3ED-4E3C-AC58-EC8E24C1BACD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tattile:axle_counter_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.181.5","matchCriteriaId":"A0360803-0FF4-46FB-913D-FD0724C74139"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tattile:axle_counter:-:*:*:*:*:*:*:*","matchCriteriaId":"48535F53-6935-4F1B-B0CA-71721D82B344"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tattile:vega53_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.181.5","matchCriteriaId":"09CF177A-3D69-4F47-8028-F83493CF0178"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tattile:vega53:-:*:*:*:*:*:*:*","matchCriteriaId":"DA18F44D-09EC-462A-AEE1-2734F74D9214"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tattile:vega33_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.181.5","matchCriteriaId":"FC4C241F-FF66-480B-8708-FDC1814DE167"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tattile:vega33:-:*:*:*:*:*:*:*","matchCriteriaId":"88626B12-E13C-4606-81E1-998C74CD6485"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tattile:vega11_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.181.5","matchCriteriaId":"026FF8B9-AEA6-45FF-8FA9-BE97C20A66E1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tattile:vega11:-:*:*:*:*:*:*:*","matchCriteriaId":"918205FF-3BC6-4A38-980A-CE0BF36EE9EF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tattile:basic_mk2_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.181.5","matchCriteriaId":"72B5F07C-949A-440F-AB94-46C5AF5F46C3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tattile:basic_mk2:-:*:*:*:*:*:*:*","matchCriteriaId":"A59DD6EA-AE66-4AF6-A2F0-5A84F2F809BB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tattile:anpr_mobile_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.181.5","matchCriteriaId":"FF40F60E-1D89-4A51-B1AC-0BE34878AD1E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tattile:anpr_mobile:-:*:*:*:*:*:*:*","matchCriteriaId":"7456A228-07C2-4E9A-98A9-8485F993C281"}]}]}],"references":[{"url":"https://www.tattile.com/","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://www.vulncheck.com/advisories/tattile-smart-vega-basic-unauthenticated-rtsp-stream-disclosure","source":"disclosure@vulncheck.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5978.php","source":"disclosure@vulncheck.com","tags":["Third Party Advisory","Exploit"]}]}}]}