Description
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash.
Published: 2026-03-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

SpotAuditor version 5.2.6 contains a flaw in its registration dialog that allows a locally active user to crash the application by entering a name string consisting of more than 300 repeated characters. The vulnerability is a buffer overflow type weakness (CWE-1287) that results in an unhandled exception, terminating the SpotAuditor process and making the software unavailable to legitimate users.

Affected Systems

The issue affects only SpotAuditor 5.2.6 distributed by NSAuditor. Users running that exact build are vulnerable; higher or lower versions are not known to be affected.

Risk and Exploitability

The CVSS base score of 6.9 classifies this problem as moderate severity. The need for local interaction limits the exposure, and no EPSS score or KEV listing is present, indicating that zero‑day exploitation or widespread attacks are unlikely. Nevertheless, any environment where untrusted users can launch SpotAuditor may face forced downtime.

Generated by OpenCVE AI on March 22, 2026 at 15:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the NSAuditor website and install any available SpotAuditor 5.2.6 patch or newer release that addresses the crash flaw.
  • If no patch is available, configure the application or underlying user interface to limit the Name field length to a safe size (e.g., less than 300 characters).
  • Restart SpotAuditor after applying the length restriction to ensure the change takes effect.

Generated by OpenCVE AI on March 22, 2026 at 15:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Nsauditor
Nsauditor spotauditor
Vendors & Products Nsauditor
Nsauditor spotauditor

Sun, 22 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash.
Title SpotAuditor 5.2.6 Name Field Denial of Service
First Time appeared Nsasoft
Nsasoft spotauditor
Weaknesses CWE-1287
CPEs cpe:2.3:a:nsasoft:spotauditor:5.2.6:*:*:*:*:*:*:*
Vendors & Products Nsasoft
Nsasoft spotauditor
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Nsasoft Spotauditor
Nsauditor Spotauditor
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T15:31:26.432Z

Reserved: 2026-03-22T12:56:44.196Z

Link: CVE-2019-25596

cve-icon Vulnrichment

Updated: 2026-03-23T15:31:23.063Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-22T14:16:26.613

Modified: 2026-03-23T19:51:23.053

Link: CVE-2019-25596

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:46:20Z

Weaknesses