Description
RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields and click Register to trigger an application crash.
Published: 2026-04-26
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability in RoboImport 1.2.0.72 allows a local attacker to cause a denial of service by submitting oversized data to the registration fields. By pasting a 6000‑byte buffer into both the Registration Name and Registration Key fields and clicking Register, the application crashes. The weakness is a classic buffer overflow (CWE‑120) that corrupts critical data structures and results in an uncontrolled shutdown of the software, potentially disrupting services that rely on RoboImport. The impact is limited to the local machine or environment where the application is running, but any processes or systems depending on RoboImport may become unavailable until the application is restarted or a patch is applied.

Affected Systems

Affected systems include Picajet RoboImport version 1.2.0.72. No additional affected versions were specified in the CNA data.

Risk and Exploitability

The CVSS score of 6.8 gives the vulnerability a moderate severity rating. The EPSS score of < 1% indicates a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local, requiring physical or remote access to the host machine where the application runs. An attacker would need to launch a user‑initiated registration action inside the application with the oversized payload. While the risk of exploitation is low, any intrusion that can reach a local session can leverage this flaw to destabilize the application.

Generated by OpenCVE AI on April 28, 2026 at 05:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest RoboImport version from Picajet’s official website (e.g., RoboImport 1.2.1 or later, if available) to remove the buffer overflow.
  • Verify that the Registration Name and Registration Key input fields are properly validated and reject payloads exceeding reasonable size limits. If upgrading is not yet possible, consider disabling the registration functionality or restricting access to trusted users only.
  • Apply operating‑system level controls such as application whitelisting or containerization to isolate RoboImport and mitigate the effect of any future crashes.

Generated by OpenCVE AI on April 28, 2026 at 05:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Picajet
Picajet roboimport
Vendors & Products Picajet
Picajet roboimport

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 26 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
Description RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields and click Register to trigger an application crash.
Title RoboImport 1.2.0.72 Denial of Service via Registration Fields
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Picajet Roboimport
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T14:02:16.511Z

Reserved: 2026-04-26T12:59:20.960Z

Link: CVE-2018-25276

cve-icon Vulnrichment

Updated: 2026-04-27T14:02:12.022Z

cve-icon NVD

Status : Deferred

Published: 2026-04-26T22:17:28.083

Modified: 2026-04-27T18:55:32.883

Link: CVE-2018-25276

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T05:30:23Z

Weaknesses