Description
An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to escalate privileges across role boundaries via crafted requests.
Published: 2026-03-05
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

The vulnerability is an authorization bypass that allows users who have valid authentication to elevate their privileges across defined role boundaries. It stems from improper privilege management, enabling an attacker to gain higher-level permissions than intended. The impact is that an attacker, once authenticated, can potentially control sensitive data or perform administrative actions, compromising both confidentiality and integrity of the system.

Affected Systems

The affected product is Tata Consultancy Services Cognix Recon Client version 3.0. No other vendors or product versions are listed as affected.

Risk and Exploitability

The vulnerability received a high-severity CVSS score of 8.8, indicating a serious risk. The EPSS score is less than 1%, suggesting that exploitation in the wild is currently unlikely. It is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack requires authenticated access and the ability to craft specific requests to trigger the privilege escalation. Based on the description, the likely attack vector is an authenticated user sending specially crafted API requests within the Cognix Recon Client.

Generated by OpenCVE AI on April 17, 2026 at 12:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Cognix Recon Client to the latest release that includes the authorization bypass fix, if a patched version is available from TCS
  • Restrict access to the endpoints that handle role assignments using network segmentation or firewall rules to limit exposure to maliciously crafted requests
  • Enforce strict role-based access control and the principle of least privilege; regularly audit role assignments to ensure no unintended privilege escalation paths exist

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 13:15:00 +0000

Type: Title
Values Removed: (none)
Values Added: Authorization bypass in TCS Cognix Recon Client enabling privilege escalation

Tue, 10 Mar 2026 19:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Tcs cognix Platform

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:a:tcs:cognix_platform:3.0:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Tcs cognix Platform

Fri, 06 Mar 2026 15:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Tcs; Tcs cognix Recon Client

Type: Vendors & Products
Values Removed: (none)
Values Added: Tcs; Tcs cognix Recon Client

Fri, 06 Mar 2026 10:15:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-269

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 05 Mar 2026 18:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to escalate privileges across role boundaries via crafted requests.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-06T09:51:06.653Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26416

Vulnrichment

Updated: 2026-03-06T09:50:52.679Z

NVD

Status: Analyzed

Published: 2026-03-05T19:16:04.560

Modified: 2026-03-10T19:00:58.777

Link: CVE-2026-26416

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T13:00:12Z

Weaknesses