CVE-2026-26417

HIGH

TCS Cognix Recon Client 3.0 - Privilege Escalation

Title source: llm

Description

A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests.

Exploits (1)

github WRITEUP 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-26417

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/aksalsalimi/CVE-2026-26417

[Various Sources] https://github.com/aksalsalimi/cognix-recon-client-security-advisories

Scores

CVSS v3 8.1

EPSS 0.0003

EPSS Percentile 7.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-284

Status draft

Timeline

Published Mar 05, 2026

Tracked Since Mar 06, 2026