Hard-coded AWS Key in AL-KO Robolinho Update Software_CVE-2026-1612

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket.

The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only versions 8.0.21.0610 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Basic Information

ID CVE-2026-1612

Source CERT-PL

Published Mar 30, 2026 at 09:56

Modified Apr 10, 2026 at 10:10

Affected Product

Vendor AL-KO

Product Robolinho Update Software

Version 8.0.21.0610

Affected Versions AL-KO Robolinho Update Software 8.0.21.0610
AL-KO Robolinho Update Software 8.0.22.0524

CWE Classification

CWE-798

References

cert.pl /en/posts/2026/03/CVE-2026-1612

{
    "lastseen": "",
    "description": "AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only versions 8.0.21.0610 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.",
    "published": "2026-03-30T09:56:21.710Z",
    "modified": "2026-04-10T10:10:56.539Z",
    "type": "cve",
    "title": "Hard-coded AWS Key in AL-KO Robolinho Update Software",
    "source": "CERT-PL",
    "references": "https://cert.pl/en/posts/2026/03/CVE-2026-1612",
    "id": "CVE-2026-1612",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "AL-KO Robolinho Update Software 8.0.21.0610\nAL-KO Robolinho Update Software 8.0.22.0524",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Robolinho Update Software",
    "version": "8.0.21.0610",
    "vendor": "AL-KO",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}