PT-2026-2917 · Unknown · Aliasvault+1
Oscar Arnflo · Published 2026-01-14 · Updated 2026-03-05
CVE-2026-22694
CVSS v3.1: 6.1 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions
AliasVault versions 0.24.0 through 0.25.2
Description
AliasVault is a privacy-first password manager with built-in email aliasing. Affected versions of AliasVault for Android did not properly check passkey requests coming from Android applications. Under specific local conditions, a malicious application could attempt to obtain a passkey response for a website it should not have access to. The cause was incomplete validation of the calling application's identity, origin, and RP ID within the Android credential provider.
Recommendations
Update to AliasVault Android version 0.25.3 or later.
Weakness Enumeration
Origin Validation Error
Affected Products
AliasVault
AliasVault Android