Unrated severityNVD Advisory· Published Feb 24, 2026· Updated Mar 5, 2026

Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure

CVE-2026-26340

Description

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data.

Affected products

Calendarix/Basicllm-fuzzy
Range: <=1.181.5
Vega/Vegallm-fuzzy
Range: <=1.181.5
Tattile S.r.l./Smart+llm-fuzzy2 versions
<=1.181.5+ 1 more
- (no CPE)range: <=1.181.5
- (no CPE)range: 0
Tattile S.r.l./Vega53v5
Range: 0
Tattile S.r.l./Vega11v5
Range: 0
Tattile S.r.l./Smart+ Speedv5
Range: 0
Tattile s.r.l./Smart+ Traffic Lightv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5978.phpmitretechnical-descriptionexploit
www.vulncheck.com/advisories/tattile-smart-vega-basic-unauthenticated-rtsp-stream-disclosuremitrethird-party-advisory
www.tattile.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000