CVE-2026-26341: CWE-1392 Use of Default Credentials in Tattile s.r.l. Smart+
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.
AI Analysis
Technical Summary
CVE-2026-26341 is a vulnerability classified under CWE-1392 (Use of Default Credentials) affecting Tattile s.r.l.'s Smart+, Vega, and Basic device families running firmware version 1.181.5 and prior. These devices ship with factory default administrative credentials that are neither randomized nor forced to be changed during installation or commissioning. Consequently, any attacker who can reach the device's management interface over the network can authenticate using these default credentials without requiring any privileges or user interaction. This grants the attacker full administrative access to the device, enabling unauthorized changes to device configurations, potential disruption of device operations, and access to sensitive data stored or processed by the device. The vulnerability is network exploitable (AV:N), requires no authentication (PR:N), no user interaction (UI:N), and impacts confidentiality, integrity, and availability at a high level (VC:H/VI:H/VA:H). The lack of forced credential updates during setup is a critical security oversight, increasing the attack surface significantly. Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it highly exploitable in practice, especially in environments where these devices are accessible from untrusted networks or insufficiently segmented internal networks. The absence of a patch or forced mitigation in firmware versions up to 1.181.5 necessitates immediate compensating controls.
Potential Impact
The impact of this vulnerability is severe for organizations deploying Tattile Smart+, Vega, and Basic devices. Unauthorized administrative access can lead to full compromise of device configurations, enabling attackers to alter device behavior, disable security features, or disrupt critical functions. Confidential data managed or transmitted by these devices can be exposed or manipulated, risking data breaches and operational integrity. Since these devices are often used in industrial, traffic monitoring, or security contexts, exploitation could result in operational downtime, safety hazards, or loss of trust in monitoring systems. The ease of exploitation without authentication or user interaction means attackers can quickly gain control once network access is obtained. This risk is amplified in environments where management interfaces are exposed to broader networks or the internet without proper segmentation or access controls. The vulnerability could also serve as a foothold for lateral movement within enterprise networks, potentially leading to broader compromise.
Mitigation Recommendations
Organizations should immediately implement the following mitigations:
1. Change all default credentials on affected devices before deployment, or as soon as possible if already deployed.
2. Restrict network access to the management interfaces by implementing network segmentation, firewall rules, and VPN access to limit exposure only to trusted administrators.
3. Monitor network traffic and device logs for unauthorized access attempts or suspicious activity related to these devices.
4. If possible, upgrade to firmware versions beyond 1.181.5 that address this issue, or apply vendor-provided patches once available.
5. Employ multi-factor authentication (MFA) for device management interfaces if supported.
6. Conduct regular security audits and penetration tests focusing on device management interfaces.
7. Educate installation and commissioning personnel about the criticality of changing default credentials and enforce policies to ensure compliance.
8. Consider deploying intrusion detection/prevention systems (IDS/IPS) to detect exploitation attempts targeting these devices.
Affected Countries
Italy, United States, Germany, France, United Kingdom, China, Japan, South Korea, India, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-02-13T17:28:43.054Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 699df93ebe58cf853b1d7e93
Added to database: 2/24/2026, 7:17:18 PM
Last enriched: 3/11/2026, 8:03:06 PM
Last updated: 4/11/2026, 1:50:47 AM