PT-2026-29008 · Al Ko · Al-Ko Robolinho Update

Piotr Ptaszek · Published 2026-03-30 · Updated 2026-03-30 · CVE-2026-1612

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

AL-KO Robolinho Update Software version 8.0.21.0610 versions prior to 8.0.21.0610

Description

The AL-KO Robolinho Update Software contains hard-coded AWS Access and Secret keys, potentially granting unauthorized access to AL-KO's AWS bucket. Utilizing these keys directly could provide an attacker with broader access than the application itself. Access granted by these keys includes at least read access to objects within the bucket. The vendor was notified of this issue but did not provide details regarding vulnerable version ranges.

Recommendations

Update to version 8.0.21.0610 or later. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
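
A release-gate check for this class of defect, as an added example (not code from the advisory or from AL-KO): it scans a build artifact for AWS access key IDs and nearby secret-shaped strings, in both ASCII and UTF-16LE, and reports them masked so the package can be blocked before it ships. The function names, the 200-character window and the sample bytes are assumptions; the key pair in the sample is the placeholder pair from AWS's documentation.

```python
import re

# Printable runs as `strings` finds them: plain ASCII, and UTF-16LE (each
# character followed by a NUL byte, as in .NET string literals).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{8,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")
# Access key ID: AKIA (long-term) or ASIA (temporary) plus 16 characters.
KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access key: 40 base64-alphabet characters with no fixed prefix.
SECRET = re.compile(r"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+])")
WINDOW = 200  # characters searched on either side of a key ID (assumption)

# Constructed sample: AWS's documentation placeholder key pair stored as two
# UTF-16LE literals between binary bytes; not taken from the affected product.
SAMPLE = (b"MZ\x90\x00\x03\x00" + "AKIAIOSFODNN7EXAMPLE".encode("utf-16-le")
          + b"\x01\x51"
          + "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".encode("utf-16-le")
          + b"\x00\xff")


def extract_strings(blob):
    """Return {encoding: text} with one extracted string per line."""
    ascii_runs = [m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)]
    utf16_runs = [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)]
    return {"ascii": "\n".join(ascii_runs), "utf-16-le": "\n".join(utf16_runs)}


def mask(value):
    """Keep a finding reportable without copying the credential into logs."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan(blob):
    """List access key IDs in an artifact and whether a secret sits nearby."""
    findings = []
    for encoding, text in extract_strings(blob).items():
        for m in KEY_ID.finditer(text):
            nearby = text[max(0, m.start() - WINDOW): m.end() + WINDOW]
            findings.append({
                "encoding": encoding,
                "key_id": mask(m.group()),
                "secret_nearby": SECRET.search(nearby) is not None,
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A plain ASCII search misses the sample entirely, because the literals are stored as UTF-16LE; any finding from such a scan means the key pair must be rotated, not only removed from the next build.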

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2026-1612

Affected Products

Al-Ko Robolinho Update