CVE-2026-4217

Name of the Vulnerable Software and Affected Versions XREAL Nebula App versions through 3.2.1

Description A security issue has been identified in XREAL Nebula App on Android. The issue affects an unknown function within the ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java file of the ai.nreal.nebula.universal component. Manipulation of the accessKey, secretAccessKey, and securityToken arguments can lead to unprotected storage of credentials. The attack is limited to local execution and is considered difficult to exploit, requiring a high level of complexity. The exploit has been publicly disclosed.

Recommendations Versions through 3.2.1 should be updated when a fix becomes available. As a temporary workaround, consider restricting access to the CloudStoragePlugin.java file to minimize the risk of exploitation.