Description
Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the application to crash.
Published: 2026-04-04
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Update Software
AI Analysis

Impact

This flaw allows a local attacker to crash the Watchr application by submitting an excessively long string into its search bar, resulting in a denial of service. The vulnerability arises from uncontrolled buffer consumption, as indicated by its CWE‑1260 classification. Because the crash is triggered by a specific user action, an attacker would be limited to local denial of service on the machine running the software.

Affected Systems

The affected product is Watchr version 1.1.0.0. No additional versions are listed. Users running this release should verify whether the vendor has issued a patch or newer version.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and the EPSS score is not available, providing no insight into exploit probability. This vulnerability is not listed in the CISA KEV catalog, suggesting it is not currently known to be exploited in the wild. The attack vector is local: based on the description, it is inferred that the attacker must have local access to the machine and be able to interact with the application’s search feature. While the vulnerability only causes a service crash and does not expose confidentiality or integrity risks, repeated crashes could create a denial‑of‑service scenario in environments with multiple users or high availability demands.

Generated by OpenCVE AI on April 4, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website for an updated release and apply it if available
  • If no patch exists, consider disabling or removing the search functionality or restricting the maximum input length
  • Monitor application logs for abnormal search strings or repeated crashes
  • Implement application whitelisting or sandboxing to contain potential failures
  • Follow general best practices such as least privilege and timely patch management



Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Microsoft; Microsoft watchr

Type: Vendors & Products
Values Removed: (none)
Values Added: Microsoft; Microsoft watchr

Mon, 06 Apr 2026 20:00:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 04 Apr 2026 21:15:00 +0000


Sat, 04 Apr 2026 16:15:00 +0000

Type: Description
Values Removed: Microsoft Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the application to crash.
Values Added: Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the application to crash.

Type: Title
Values Removed: Microsoft Watchr 1.1.0.0 Denial of Service via Search
Values Added: Watchr 1.1.0.0 Denial of Service via Search

Sat, 04 Apr 2026 15:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: Microsoft Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the application to crash.

Type: Title
Values Removed: (none)
Values Added: Microsoft Watchr 1.1.0.0 Denial of Service via Search

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-1260

Type: References

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T19:05:28.808Z

Reserved: 2026-04-04T13:16:34.636Z

Link: CVE-2018-25240

Vulnrichment

Updated: 2026-04-06T19:03:21.592Z

NVD

Status: Deferred

Published: 2026-04-04T14:16:19.453

Modified: 2026-04-16T16:15:56.380

Link: CVE-2018-25240

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:57:47Z

Weaknesses