Security Vulnerability Report
CVE-2026-4218 CVSS 2.5 LOW

CVE-2026-4218

Published: 2026-03-16 14:20:09
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH_KEY results in information disclosure. The attack is only possible with local access. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
2.5
Severity
LOW
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

myAEDES App Android <= 1.18.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
Java

// CVE-2026-4218 PoC - myAEDES App AUTH_KEY Information Disclosure
// This PoC demonstrates the exploitation of the AUTH_KEY parameter manipulation
// Note: This vulnerability requires local access to the Android device

// 1. Extract the vulnerable APK from the device
//    adb pull /data/app/com.myAEDES.app/base.apk

// 2. Decompile the APK using jadx or apktool
//    jadx-gui base.apk

// 3. Navigate to the vulnerable file:
//    aedes/me/beta/utils/EngageBayUtils.java

// 4. The vulnerable code pattern typically looks like:
/*
public class EngageBayUtils {
    private static String AUTH_KEY = "default_key";

    public static String getAuthKey(Context context) {
        // Vulnerable: AUTH_KEY can be manipulated
        SharedPreferences prefs = context.getSharedPreferences("aedes_prefs", Context.MODE_PRIVATE);
        String userKey = prefs.getString("auth_key", null);
        if (userKey != null) {
            return userKey; // Returns potentially malicious/manipulated key
        }
        return AUTH_KEY;
    }

    public static boolean validateAuth(String key) {
        // Insufficient validation allows information disclosure
        return key != null && key.length() > 0;
    }
}
*/

// 5. Exploitation steps:
//    - Access the app's SharedPreferences directory
//    - Modify or inject a crafted AUTH_KEY value
//    - Trigger authentication flow to retrieve sensitive data

// 6. Remediation check:
//    - Ensure AUTH_KEY is stored encrypted
//    - Implement proper input validation
//    - Use Android Keystore for credential storage

References

https://vuldb.com/?ctiid.351142
https://vuldb.com/?id.351142
https://vuldb.com/?submit.770509
https://www.notion.so/Authorization-Credential-Exposure-Leading-to-Data-Leakage-in-aedes-me-beta-app-3172de3f97fb8018abc9c25a878f5845?source=copy_link

Additional Metrics

CVSS 4.0 Vector
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS 4.0 Score
1.1 LOW (exploit maturity: PROOF_OF_CONCEPT)
CVSS 3.1 Exploitability / Impact Subscores
1.0 / 1.4
CVSS 2.0 Vector
AV:L/AC:H/Au:S/C:P/I:N/A:N
CVSS 2.0 Score
1.0 LOW
Weaknesses
CWE-200, CWE-284
Vulnerability Status
Deferred