CVE-2026-26416

NVD

https://nvd.nist.gov/vuln/detail/CVE-2026-26416

CWE

https://cwe.mitre.org/data/definitions/269.html

An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to escalate privileges across role boundaries via crafted requests.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Cognix_platform	Tcs	3.0 (including)	3.0 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/122.html
https://cwe.mitre.org/data/definitions/233.html
https://cwe.mitre.org/data/definitions/58.html

References

https://github.com/aksalsalimi/CVE-2026-26416
https://github.com/aksalsalimi/cognix-recon-client-security-advisories
https://www.tcs.com/what-we-do/services/cognitive-business-operations/solution/cognix-platform-business-agility-enhanced-cx

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References