CVE-2026-3668

Name of the Vulnerable Software and Affected Versions Freedom Factory dGEN1 versions up to 20260221

Description An issue exists in the AndroidEthereum function of the org.ethosmobile.webpwaemul component that results in improper access controls. Remote exploitation is possible, but is considered difficult due to the high complexity of the attack. The exploit has been publicly released. The vendor was contacted regarding this issue but did not respond.

Recommendations Versions prior to 20260221 should be updated. As a temporary workaround, consider restricting access to the AndroidEthereum function until a patch is available.