Tattile Smart+, Vega, and Basic Families Insufficient Session Token Expiration Vulnerability

Vulnerability

A vulnerability exists in Tattile Smart+, Vega, and Basic device families, specifically in firmware versions through 1.181.5. These devices implement an authentication token, X-User-Token, with inadequate expiration. This flaw allows an attacker who obtains a valid token—potentially through interception, log exposure, or token reuse on a shared system—to maintain authentication to the management interface until the token is revoked. Consequently, this enables unauthorized access to device functions and data.

Impact

Exploitation of this vulnerability allows for unauthorized access to the management interface, enabling a bypass of authentication and access to device functions and data.

Remediation

Tattile has acknowledged this vulnerability and plans to release a patch in May 2026. For the latest information on the vulnerability and its remediation, Tattile users can refer to the Tattile Academy portal.
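Until a fixed firmware is installed, token reuse can be looked for in the logs of whatever sits in front of the management interface. The following is an added example, not Tattile code or part of the original advisory. It assumes a hypothetical reverse proxy that logs a truncated hash of X-User-Token as token_fp; the log format, addresses, and the 8-hour threshold are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from a hypothetical reverse proxy in front of the
# device. The proxy logs a truncated hash of X-User-Token (token_fp), never
# the token itself, since log exposure is one leak path the advisory names.
SAMPLE_LOG = """\
2026-02-20T08:00:05Z src=10.0.5.21 path=/api/status token_fp=a1b2c3d4
2026-02-20T08:10:41Z src=10.0.5.21 path=/api/config token_fp=a1b2c3d4
2026-02-23T02:14:09Z src=10.0.9.77 path=/api/config token_fp=a1b2c3d4
2026-02-23T09:00:00Z src=10.0.5.30 path=/api/status token_fp=e5f6a7b8
2026-02-23T09:20:00Z src=10.0.5.30 path=/api/status token_fp=e5f6a7b8
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) path=\S+ token_fp=(\S+)$")
MAX_TOKEN_AGE = timedelta(hours=8)  # assumed policy: one operator shift


def audit_token_use(log_text, max_age=MAX_TOKEN_AGE):
    """Return {token_fp: [reasons]} for tokens whose use looks like replay."""
    seen = defaultdict(lambda: {"first": None, "last": None, "srcs": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        rec = seen[m.group(3)]
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
        rec["srcs"].add(m.group(2))

    findings = {}
    for fp, rec in seen.items():
        reasons = []
        if rec["last"] - rec["first"] > max_age:
            reasons.append("used beyond max age")
        if len(rec["srcs"]) > 1:
            reasons.append("used from multiple sources")
        if reasons:
            findings[fp] = reasons
    return findings


if __name__ == "__main__":
    for fp, reasons in audit_token_use(SAMPLE_LOG).items():
        print(fp, "->", ", ".join(reasons))
```

A flagged fingerprint is a prompt to revoke that token on the device and review what the session did, not proof of compromise.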

Added: Feb 24, 2026, 8:33 PM
Updated: Feb 24, 2026, 9:58 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.3
remediation: 0.0
relevance: 3.1
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.