Description
Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials authenticated as the AWS account root identity and provided access to Worksnaps production cloud resources, including S3 buckets containing sensitive data such as screenshots of user desktops. An attacker with access to the affected client binaries could extract or recover the credentials and use them to access affected Worksnaps cloud resources.
Published: 2026-06-18
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves hardcoded AWS credentials and other secret material embedded in the Worksnaps client application binaries. Those credentials grant AWS root identity access to the organization’s production cloud resources. An attacker who obtains the affected binaries can extract the keys and use them to read or modify sensitive data stored in S3 buckets, including screenshots of user desktops. The result is a loss of confidentiality and possible control of the entire cloud environment.

Affected Systems

Silver Leaf Technologies, Inc. Worksnaps client application versions earlier than 1.6.20260201 are affected. The exposure pertains to the client binaries distributed to customers, and does not affect newer releases.

Risk and Exploitability

The CVSS score of 9.3 reflects a severe exploitability, while the EPSS score of less than 1% indicates a very low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. Attackers would most likely gain access by obtaining the compromised binaries through normal distribution channels or by compromising a system that holds the binaries. Once a binary is accessed, credential extraction is straightforward and can immediately authorize full cloud resource access.

Generated by OpenCVE AI on June 18, 2026 at 17:37 UTC.

Remediation

Vendor Solution

The vendor provides a patched version 1.6.20260201 or higher, which should be installed immediately. The patched client can be downloaded from the vendor's website. According to the vendor, server-side fixes have also been implemented to mitigate the identified security issues.

OpenCVE Recommended Actions

  • Update the Worksnaps client to version 1.6.20260201 or later, downloaded from the vendor’s website.
  • Ensure that any production deployments of Worksnaps are also updated to incorporate the vendor’s server-side fixes.
  • Implement file‑integrity monitoring or a policy that disallows execution of worksnaps binaries that do not match the latest signed version to prevent accidental use of compromised binaries.

Generated by OpenCVE AI on June 18, 2026 at 17:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials authenticated as the AWS account root identity and provided access to Worksnaps production cloud resources, including S3 buckets containing sensitive data such as screenshots of user desktops. An attacker with access to the affected client binaries could extract or recover the credentials and use them to access affected Worksnaps cloud resources.
Title Hardcoded cloud credentials in Worksnaps client application binaries expose production cloud resources
Weaknesses CWE-798
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published:

Updated: 2026-06-18T12:38:58.358Z

Reserved: 2025-09-16T13:21:18.776Z

Link: CVE-2025-10560

cve-icon Vulnrichment

Updated: 2026-06-18T12:38:51.227Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T17:45:13Z

Weaknesses
  • CWE-798

    Use of Hard-coded Credentials