CVE-2026-26417

← CVEs

HIGH 8.1

Published

2026-03-05

Last Modified

2026-03-10

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests.

Affected Applications in Environment 4

1 device

1 device

2 devices

1 device

Affected Devices 5

DPEXAN-5CD017CV Windows DPHSNG-34Y86X3 Windows DPMATH-C11312G9 Windows FL217-2-ADOTTER Windows MICHELLEUSUHP Windows

References 2

https://github.com/aksalsalimi/CVE-2026-26417
https://github.com/aksalsalimi/cognix-recon-client-security-advisories