Report an incident
Back
  • About us
  • For experts
Report an incident
About us
About our team Contact
Baza wiedzy
Fałszywe inwestycje Uważaj na fałszywe sklepy online (Nie)bezpieczne płatności Fałszywi konsultanci Zadbaj o bezpieczne hasła i logowanie Fałszywe załączniki w mailach Fałszywe prośby o szybki przelew Fałszywe SMSy - plaga ostatnich miesięcy Bezpieczny telefon
Biuletyn OUCH!
Porady bezpieczeństwa OUCH!
Projects
n6 Artemis MWDB
CVD program
CVD policy Advisories

Vulnerability in Robolinho Update Software
30 March 2026 | CERT Polska | #vulnerability, #warning, #cve
CVE ID CVE-2026-1612
Publication date 30 March 2026
Vendor AL-KO
Product Robolinho Update Software
Vulnerable versions 8.0.21.0610
Vulnerability type (CWE) Use of Hard-coded Credentials (CWE-798)
Report source Report to CERT Polska

Description

CERT Polska has received a report about vulnerability in AL-KO Robolinho Update Software and participated in coordination of its disclosure.

The vulnerability CVE-2026-1612: AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket.

The vendor was notified early about this vulnerability, but didn't respond in any way. Only versions 8.0.21.0610 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Credits

We thank Piotr Ptaszek for the responsible vulnerability report.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.