Cyber Posture

CVE-2026-26417

High

Published: 05 March 2026
Modified: 10 March 2026
KEV Added: not listed
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0003 (10.2th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-26417 is a high-severity Improper Access Control (CWE-284) vulnerability in the TCS Cognix Platform (the NVD description names the Cognix Recon Client v3.0). Its CVSS v3.1 base score is 8.1 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score places it at the 10.2th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and two other techniques, Valid Accounts (T1078) and Account Manipulation (T1098). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)
Enforces approved access control policies so that a low-privileged authenticated user cannot reset the password of an arbitrary account via the vulnerable endpoint.

IA-5 Authenticator Management (prevent)
Mandates secure authenticator management with identity verification, directly mitigating unauthorized password resets for arbitrary users.

AC-6 Least Privilege (prevent)
Limits privileges to the least necessary, reducing the risk of low-privileged users reaching password reset functions for other accounts.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1078 Valid Accounts (Stealth)
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1098 Account Manipulation (Persistence)
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
Why these techniques?

Broken access control in the password reset function lets a low-privileged authenticated user reset any account's password. That directly enables account manipulation (T1098) for takeover, abuse of the resulting valid accounts (T1078), and privilege escalation through whatever access those accounts carry (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
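Because the technique chain above ends in account manipulation, the behaviour should be visible in the application's audit trail. The following Python is added here as an example; it is not part of this page or of Cognix, and the audit-log field layout it parses is assumed. It runs two rules over a constructed log sample: a non-admin actor resetting another account's password (which AC-3 should make impossible, so any hit is exploitation or a misconfigured role), and one actor resetting several distinct accounts inside a short window (the sweep that typically follows discovery of a bug like this one).

```python
"""Detection for cross-account password resets (T1098 / T1078). Added example, not Cognix code."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed audit-log layout (constructed for this example; the real product's
# logging format is not shown on the page).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) event=(?P<event>\S+) actor=(?P<actor>\S+) "
    r"actor_role=(?P<role>\S+) target=(?P<target>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: alice (role user) resets her own password, then three
# other accounts in under two minutes; helpdesk (role admin) does a legitimate reset.
SAMPLE_LOG = """\
2026-03-06T09:58:10Z event=login actor=alice actor_role=user target=alice src=10.0.0.5
2026-03-06T09:59:02Z event=password_reset actor=alice actor_role=user target=alice src=10.0.0.5
2026-03-06T10:00:30Z event=password_reset actor=alice actor_role=user target=bob src=10.0.0.5
2026-03-06T10:01:05Z event=password_reset actor=alice actor_role=user target=carol src=10.0.0.5
2026-03-06T10:01:40Z event=password_reset actor=alice actor_role=user target=admin src=10.0.0.5
2026-03-06T10:05:00Z event=password_reset actor=helpdesk actor_role=admin target=dave src=10.0.0.9
"""


def parse_line(line):
    """Return a dict of fields for a well-formed line, None otherwise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect(log_text, sweep_threshold=3, window=timedelta(minutes=10)):
    """Return (rule, actor, target) tuples, in the order the triggering events occur.

    cross_account_reset_by_nonadmin: actor != target and actor is not an admin.
    password_reset_sweep: one actor reset >= sweep_threshold distinct other
    accounts within `window`; fires once per actor.
    """
    alerts = []
    recent = defaultdict(list)   # actor -> password_reset events inside the window
    sweep_fired = set()
    for ev in filter(None, map(parse_line, log_text.splitlines())):
        if ev["event"] != "password_reset":
            continue
        actor, target = ev["actor"], ev["target"]
        if target != actor and ev["role"] != "admin":
            alerts.append(("cross_account_reset_by_nonadmin", actor, target))
        # Slide the window, then add this event.
        recent[actor] = [e for e in recent[actor] if ev["ts"] - e["ts"] <= window]
        recent[actor].append(ev)
        others = {e["target"] for e in recent[actor] if e["target"] != actor}
        if len(others) >= sweep_threshold and actor not in sweep_fired:
            sweep_fired.add(actor)
            alerts.append(("password_reset_sweep", actor, ",".join(sorted(others))))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The self-service reset by alice and the admin reset by helpdesk produce nothing; the three cross-account resets each raise the first rule, and the third one also trips the sweep rule. Once the vendor fix is deployed, the first rule should go silent, which makes it a cheap regression check for the patch as well.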

NVD Description

A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests.

Deeper analysis

CVE-2026-26417 is a broken access control vulnerability (CWE-284) in the password reset functionality of Tata Consultancy Services Cognix Recon Client version 3.0. Published on 2026-03-05, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to its potential for significant confidentiality and integrity impacts without requiring user interaction or elevated privileges beyond basic authentication.

An authenticated user with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) by sending a crafted request to the password reset endpoint that names another user's account. The reset is applied to that account, enabling full account takeover and unauthorized access to any data or systems the victim account can reach.
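The following Python is an added illustration, not Cognix code: the real endpoint's request format, role model and storage are not on this page and are assumed here. It places the handler shape CWE-284 describes (the target account is taken from the request body and never checked against the session) beside a version that applies the three controls from the Mitigating Controls section: AC-3 access enforcement on the target account, AC-6 least privilege so that only the admin role may reset someone else's password, and IA-5 re-verification of the current authenticator before a self-service change. User names, roles and passwords are constructed sample data.

```python
"""Password-reset handler, vulnerable and hardened forms. Added example; not Cognix code."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """AC-3 / AC-6 failure: the subject may not act on this account."""


class AuthenticationFailed(Exception):
    """IA-5 failure: the current authenticator could not be verified."""


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class User:
    username: str
    role: str                       # "user" or "admin" (assumed role model)
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    pw_hash: bytes = b""

    def set_password(self, password: str) -> None:
        self.pw_hash = _hash_password(password, self.salt)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self.pw_hash, _hash_password(password, self.salt))


def make_users() -> dict:
    """Constructed sample directory: two ordinary users and one administrator."""
    users = {}
    for name, role, pw in [("alice", "user", "alice-pw"),
                           ("bob", "user", "bob-pw"),
                           ("admin", "admin", "admin-pw")]:
        u = User(name, role)
        u.set_password(pw)
        users[name] = u
    return users


def reset_password_vulnerable(users: dict, session_user: str, request: dict) -> str:
    """The CWE-284 shape (hypothetical; the real endpoint is not shown): the
    handler trusts the 'username' field of the request body and never compares
    it with the authenticated session, so any logged-in user can name any account."""
    target = users[request["username"]]
    target.set_password(request["new_password"])
    return target.username


def reset_password_hardened(users: dict, session_user: str, request: dict) -> str:
    """AC-3: the requested target is checked against the session subject.
    AC-6: only the admin role may reset someone else's password.
    IA-5: a self-service reset re-verifies the current password first."""
    actor = users[session_user]
    target = users.get(request["username"])
    # An unknown target gets the same answer as a forbidden one: no account enumeration.
    if target is None or (target.username != actor.username and actor.role != "admin"):
        raise AccessDenied("not permitted to reset this account")
    if target.username == actor.username:
        if not actor.check_password(request.get("current_password", "")):
            raise AuthenticationFailed("current password incorrect")
    target.set_password(request["new_password"])
    return target.username


def try_reset(handler, users: dict, session_user: str, request: dict) -> str:
    """Drive a handler and report the outcome as a short string."""
    try:
        return "reset:" + handler(users, session_user, request)
    except AccessDenied:
        return "denied"
    except AuthenticationFailed:
        return "auth-failed"


if __name__ == "__main__":
    store = make_users()
    # alice (role user) names the admin account in her reset request.
    print(try_reset(reset_password_vulnerable, store, "alice",
                    {"username": "admin", "new_password": "pwned"}))   # reset:admin
    store = make_users()
    print(try_reset(reset_password_hardened, store, "alice",
                    {"username": "admin", "new_password": "pwned"}))   # denied
```

The hardened handler also keeps the admin path: an admin may still issue a reset for another user, which is the legitimate help-desk case, but that action should then be logged with both actor and target so the detection rule for cross-account resets has something to read.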

Advisories and further details are published in the dedicated repositories at https://github.com/aksalsalimi/CVE-2026-26417 and https://github.com/aksalsalimi/cognix-recon-client-security-advisories.

Details

CWE(s)
CWE-284 Improper Access Control

Affected Products
tcs cognix platform 3.0

CVEs Like This One

CVE-2026-26418 (same product: TCS Cognix Platform)
CVE-2026-26416 (same product: TCS Cognix Platform)
CVE-2025-25585 (shared CWE-284)
CVE-2024-56898 (shared CWE-284)
CVE-2025-25950 (shared CWE-284)
CVE-2025-24968 (shared CWE-284)
CVE-2026-30966 (shared CWE-284)
CVE-2025-54914 (shared CWE-284)
CVE-2025-21359 (shared CWE-284)
CVE-2025-24042 (shared CWE-284)

References

https://github.com/aksalsalimi/CVE-2026-26417
https://github.com/aksalsalimi/cognix-recon-client-security-advisories