CVE-2026-26340

UNKNOWN 0.0

Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data.

CWE	CWE-306
Vendor	tattile s.r.l.
Product	smart+
Published	Feb 24, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for tattile s.r.l. smart+

Be the first to know when new unknown vulnerabilities affecting tattile s.r.l. smart+ are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Tattile s.r.l. / Smart+

0 ≤ 1.181.5

Tattile s.r.l. / Tolling+

0 ≤ 1.181.5

Tattile s.r.l. / Smart+ Speed

0 ≤ 1.181.5

Tattile s.r.l. / Smart+ Traffic Light

0 ≤ 1.181.5

Tattile s.r.l. / Axle Counter

0 ≤ 1.181.5

Tattile s.r.l. / Vega53

0 ≤ 1.181.5

Tattile s.r.l. / Vega33

0 ≤ 1.181.5

Tattile s.r.l. / Vega11

0 ≤ 1.181.5

Tattile s.r.l. / Basic MK2

0 ≤ 1.181.5

Tattile s.r.l. / ANPR Mobile

0 ≤ 1.181.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5978.php tattile.com: https://www.tattile.com/ vulncheck.com: https://www.vulncheck.com/advisories/tattile-smart-vega-basic-unauthenticated-rtsp-stream-disclosure

Credits

Gjoko Krstic of Zero Science Lab