Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Tata Consultancy Services Cognix Recon Client v3.0: Passwords Reset by Any User
CVE-2026-26417
Summary
A security issue in Tata Consultancy Services Cognix Recon Client v3.0 allows anyone who has logged in to change passwords of other users. This means that a user could change another user's password without permission. To protect your organization, update to the latest version of the software as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tcs | cognix_platform | 3.0 | – |
Original title
A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accou...
Original description
A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests.
nvd CVSS3.1
8.1
Vulnerability type
CWE-284
Improper Access Control
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026