Description
iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a 7000-byte string into the Host field and click Connect to trigger an application crash.
Published: 2026-04-26
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

iCash 7.6.5 contains a buffer overflow in the Connect to Server dialog. A local attacker can supply an oversized 7000‑byte string in the Host field, causing the application to crash. The vulnerability is a classic stack overflow (CWE‑120) that results in a denial‑of‑service condition, interrupting local users and processes that rely on the application.

Affected Systems

The affected product is Maxprog iCash version 7.6.5. No other versions or components are listed as vulnerable in the provided data.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity, while an EPSS score of less than 1% signals very low exploitation probability. The issue is exploitable only by local users; it lacks a remote attack vector and is not listed in CISA KEV. Overall risk is moderate but the likelihood of an attack occurring is low and the impact is limited to local application availability.

Generated by OpenCVE AI on April 28, 2026 at 05:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Maxprog iCash to a version that removes the buffer overflow (for example, any release beyond 7.6.5).
  • If an upgrade is not immediately possible, restrict local users from accessing the application or disable the Connect to Server feature to prevent crash attempts.
  • Monitor system logs for repeated application crashes or attempts to use an oversized host string and apply additional configuration hardening or user‑access controls as needed.

Generated by OpenCVE AI on April 28, 2026 at 05:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Maxprog
Maxprog icash
Vendors & Products Maxprog
Maxprog icash

Mon, 27 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 26 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
Description iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a 7000-byte string into the Host field and click Connect to trigger an application crash.
Title iCash 7.6.5 Denial of Service via Connect to Server
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Maxprog Icash
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T13:09:10.490Z

Reserved: 2026-04-26T13:01:51.790Z

Link: CVE-2018-25281

cve-icon Vulnrichment

Updated: 2026-04-27T13:09:06.856Z

cve-icon NVD

Status : Deferred

Published: 2026-04-26T22:17:28.843

Modified: 2026-04-27T18:55:32.883

Link: CVE-2018-25281

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T05:15:22Z

Weaknesses