6.1

CVE-2026-22694

EPSS 0.01%
Veröffentlicht 14.01.2026 16:32:36
Zuletzt bearbeitet 05.03.2026 13:45:38
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response for a site it was not authorized to access. The issue involved incomplete validation of calling app identity, origin, and RP ID in the Android credential provider. This issue was fixed in AliasVault Android 0.25.3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aliasvault ≫ Aliasvault Version >= 0.24.0 < 0.25.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.007

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	1.8	4.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
security-advisories@github.com	6.1	1.8	4.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://github.com/aliasvault/aliasvault/security/advisories/GHSA-mvg4-wvjv-332q

Patch

Vendor Advisory

Mitigation

https://github.com/aliasvault/aliasvault/issues/1440

Patch

Issue Tracking

https://github.com/aliasvault/aliasvault/pull/1441

Patch

Issue Tracking

https://github.com/aliasvault/aliasvault/commit/b3350473103d6138ab2b63ca130c211717eac67d

Patch

https://github.com/aliasvault/aliasvault/releases/tag/0.25.3

Product

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-22694

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-22694

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-22694

EUVD