CVE-2026-5456

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Align Technology My Invisalign App version 3.12.4

Description A security issue exists in Align Technology My Invisalign App version 3.12.4 on Android. The issue involves the manipulation of the CDAACCESS TOKEN argument within an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea, leading to the use of a hard-coded cryptographic key. The attack requires local access. The exploit is publicly available.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-321CWE-320

Related Identifiers

CVE-2026-5456

Affected Products

My Invisalign App

CVE-2026-5456

Weakness Enumeration

Related Identifiers

Affected Products

References · 7