Description
Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a 6000-byte payload into the Scan Target field and trigger a denial of service condition when the Scan button is clicked.
Published: 2026-04-26
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Fix
AI Analysis

Impact

The vulnerability is a buffer overflow (CWE-120) in the Scan Target field that can be triggered by providing an oversized 6000‑byte string. Local users can crash the application by clicking the Scan button, resulting in a denial of service that prevents legitimate scans from completing.

Affected Systems

The flaw affects Infiltration‑Systems Infiltrator Network Security Scanner version 4.6. No other affected versions are currently documented.

Risk and Exploitability

The CVSS score of 6.8 indicates a moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation at this time. Because the attack requires local access to submit the oversized payload, the threat is limited to users with permission to run scans. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 28, 2026 at 13:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version of the Infiltrator Network Security Scanner that contains the buffer‑overflow fix.
  • Restrict or disable the Scan Target input for local users until a patched version is available.
  • Monitor the scanner’s logs for repeated crash attempts and block any suspicious activity.
  • Implement network segmentation to isolate the scanner from critical assets.

Generated by OpenCVE AI on April 28, 2026 at 13:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Infiltration-systems
Infiltration-systems infiltrator Network Security Scanner
Vendors & Products Infiltration-systems
Infiltration-systems infiltrator Network Security Scanner

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 26 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
Description Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a 6000-byte payload into the Scan Target field and trigger a denial of service condition when the Scan button is clicked.
Title Infiltrator Network Security Scanner 4.6 Denial of Service
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Infiltration-systems Infiltrator Network Security Scanner
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T13:31:11.902Z

Reserved: 2026-04-26T13:01:45.683Z

Link: CVE-2018-25280

cve-icon Vulnrichment

Updated: 2026-04-27T13:09:27.575Z

cve-icon NVD

Status : Deferred

Published: 2026-04-26T22:17:28.697

Modified: 2026-04-27T18:55:32.883

Link: CVE-2018-25280

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T13:30:32Z

Weaknesses