PT-2026-21499 · Unknown · Aliasvault Api

Nmaochea · Published 2026-02-23 · Updated 2026-03-12 · CVE-2026-2974

CVSS v3.1: 2.5 (Low)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

AliasVault App versions through 0.25.3

Description

A security issue exists in AliasVault App on Android/iOS. The issue is related to the Backup Handler component and affects the shared prefs/aliasvault.xml file. Manipulation of the accessToken, refreshToken, metadata, key derivation params, and auth methods arguments can lead to unauthorized exposure of backup files. The attack requires local access and is considered complex and difficult to exploit. The tokens stored in aliasvault.xml are API session tokens and do not, on their own, allow decryption of the vault; the master password is still required.

Recommendations

Upgrade to version 0.26.0 to resolve the issue.

Weakness Enumeration

Improper Authorization

Related identifiers

CVE-2026-2974

Affected products

Aliasvault Api