Description
Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Attackers can paste a buffer of 2100 characters into the top right search bar to trigger an unhandled exception that crashes the application.
Published: 2026-04-04
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

Smart VPN version 1.1.3.0 includes a buffer overflow in the search interface that can be triggered by an attacker with local access. By submitting an oversized 2100‑character string into the top‑right search bar, the application throws an unhandled exception, causing the process to terminate. This results in a denial of service for the user of the application, but does not provide any compromise of data or privilege escalation.

Affected Systems

The vulnerability affects the Smart VPN product from SmartVPN. The affected version is 1.1.3.0. No other versions are noted in the CNA data.

Risk and Exploitability

The CVSS score is 6.9, indicating a moderate severity. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that widespread exploitation is not currently known. Exploitation requires local access to the machine running the application. Therefore, the risk is primarily to users with direct access to the vulnerable instance, and an attacker can repeatedly crash the application but cannot gain further privileges or access remote systems.

Generated by OpenCVE AI on April 4, 2026 at 18:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor patch or upgrade Smart VPN to a version where the bug is fixed.
  • If no patch is available, restrict local usage of the application or disable the search feature until a fix is released.
  • Monitor for unexpected application crashes and log error events for investigation.

Generated by OpenCVE AI on April 4, 2026 at 18:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Smartvpn
Smartvpn smart Vpn
Vendors & Products Smartvpn
Smartvpn smart Vpn

Mon, 06 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 04 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
References

Sat, 04 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Description Microsoft Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Attackers can paste a buffer of 2100 characters into the top right search bar to trigger an unhandled exception that crashes the application. Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Attackers can paste a buffer of 2100 characters into the top right search bar to trigger an unhandled exception that crashes the application.
Title Microsoft Smart VPN 1.1.3.0 Denial of Service via Search Smart VPN 1.1.3.0 Denial of Service via Search

Sat, 04 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Microsoft Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Attackers can paste a buffer of 2100 characters into the top right search bar to trigger an unhandled exception that crashes the application.
Title Microsoft Smart VPN 1.1.3.0 Denial of Service via Search
Weaknesses CWE-470
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Smartvpn Smart Vpn
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T16:42:33.379Z

Reserved: 2026-04-04T13:16:20.974Z

Link: CVE-2018-25239

cve-icon Vulnrichment

Updated: 2026-04-06T16:42:21.526Z

cve-icon NVD

Status : Deferred

Published: 2026-04-04T14:16:19.293

Modified: 2026-04-16T16:15:56.380

Link: CVE-2018-25239

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:57:48Z

Weaknesses