{"cve":{"cve_id":"CVE-2026-1612","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00392,"epss_percentile":0.3083,"epss_as_of":"2026-06-23","description":"AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only versions 8.0.21.0610 and 8.0.22.0524 were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.","published_at":"2026-03-30T09:56:21.710000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":6.9,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-798"],"nvd_references":["https://cert.pl/en/posts/2026/03/CVE-2026-1612"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:28:59.560532Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"N","value_label":"None"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"al-ko","vendor_name":"AL-KO","product_slug":"robolinho-update-software","product_name":"Robolinho Update Software","version_start":"8.0.21.0610","version_start_inclusive":true,"version_end":"8.0.21.0610","version_end_inclusive":true,"cpe23_uri":"cve5:al-ko:robolinho-update-software:8.0.21.0610:8.0.21.0610"},{"vendor_slug":"al-ko","vendor_name":"AL-KO","product_slug":"robolinho-update-software","product_name":"Robolinho Update Software","version_start":"8.0.22.0524","version_start_inclusive":true,"version_end":"8.0.22.0524","version_end_inclusive":true,"cpe23_uri":"cve5:al-ko:robolinho-update-software:8.0.22.0524:8.0.22.0524"}],"exploit_refs":[],"news":[],"references":[{"url":"https://cert.pl/en/posts/2026/03/CVE-2026-1612","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-03-30T09:56:21.710000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:50:49.858932Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:49.858932Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:49.858932Z","label":"CVSS score revised","source":"cvelistv5"}]}