CVE-2026-26418

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-26418. PoCs published by XiaomingX, aksalsalimi.

AI-analyzed exploit summary This repository provides a detailed technical writeup on CVE-2026-26418, a missing authentication and authorization vulnerability in TCS Cognix Recon Client v3.0. It includes affected endpoints, CWE classifications, and remediation details.

Description

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network.

Exploits (2)

github WRITEUP 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-26418

View Code ZIP pw:eip

This repository provides a detailed technical writeup on CVE-2026-26418, a missing authentication and authorization vulnerability in TCS Cognix Recon Client v3.0. It includes affected endpoints, CWE classifications, and remediation details.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: TCS Cognix Recon Client v3.0

No auth needed

Prerequisites: Network access to the affected endpoints

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Mar 06, 2026 Full analysis →

nomisec WRITEUP

by aksalsalimi · poc

https://github.com/aksalsalimi/CVE-2026-26418