CVE-2026-4218

CVSS v3.1

2.5

Low

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions myAEDES App versions through 1.18.4

Description A flaw exists in myAEDES App on Android that allows information disclosure. The issue is related to the manipulation of the AUTH KEY argument within an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the aedes.me.beta component. This issue is only exploitable with local access and is considered difficult to exploit. The exploit is publicly available. The vendor was notified but did not respond.

Recommendations Versions through 1.18.4 should be updated when a fix is available. As a temporary workaround, consider restricting access to the aedes.me.beta component to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-284

Related Identifiers

CVE-2026-4218

Affected Products

Undefined

CVE-2026-4218

Weakness Enumeration

Related Identifiers

Affected Products

References · 8