CVE-2026-4218

Name of the Vulnerable Software and Affected Versions myAEDES App versions through 1.18.4

Description A flaw exists in myAEDES App on Android that allows information disclosure. The issue is related to the manipulation of the AUTH KEY argument within an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the aedes.me.beta component. This issue is only exploitable with local access and is considered difficult to exploit. The exploit is publicly available. The vendor was notified but did not respond.

Recommendations Versions through 1.18.4 should be updated when a fix is available. As a temporary workaround, consider restricting access to the aedes.me.beta component to minimize the risk of exploitation.