CVE-2026-26417

EIP tracks 2 public exploits for CVE-2026-26417. PoCs published by XiaomingX, aksalsalimi.

AI-analyzed exploit summary This repository provides a detailed technical writeup on CVE-2026-26417, a broken access control vulnerability in TCS Cognix Recon Client v3.0, allowing authenticated users to reset arbitrary passwords via crafted API requests. It includes CWE classifications, affected endpoints, and remediation details.

A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests.