Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.
Published: 2026-02-24
CVSS: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Download Exploit for CVE-2026-26342 here:
Use Tor Browser to access .onion site.
https://sonitex.com/exploit-61-cve-2019-25441/
https://sonitex.com/exploit-137-cve-2026-25968/
https://sonitex.com/exploit-131-cve-2024-58041/