FKIE_CVE-2026-22694

Vulnerability from fkie_nvd - Published: 2026-01-14 17:16 - Updated: 2026-03-05 13:45
Summary
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response for a site it was not authorized to access. The issue involved incomplete validation of calling app identity, origin, and RP ID in the Android credential provider. This issue was fixed in AliasVault Android 0.25.3.
Impacted products
Vendor Product Version
aliasvault aliasvault *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aliasvault:aliasvault:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D29B44-D84E-4350-8740-E6D5430F7BF0",
              "versionEndExcluding": "0.25.3",
              "versionStartIncluding": "0.24.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response for a site it was not authorized to access. The issue involved incomplete validation of calling app identity, origin, and RP ID in the Android credential provider. This issue was fixed in AliasVault Android 0.25.3."
    },
    {
      "lang": "es",
      "value": "AliasVault es un gestor de contrase\u00f1as centrado en la privacidad con alias de correo electr\u00f3nico integrado. Las versiones de AliasVault para Android de la 0.24.0 a la 0.25.2 conten\u00edan un problema en c\u00f3mo se validaban las solicitudes de claves de acceso de las aplicaciones de Android. Bajo ciertas condiciones locales, una aplicaci\u00f3n maliciosa podr\u00eda intentar obtener una respuesta de clave de acceso para un sitio al que no estaba autorizada a acceder. El problema implicaba una validaci\u00f3n incompleta de la identidad de la aplicaci\u00f3n llamante, el origen y el ID de RP en el proveedor de credenciales de Android. Este problema se solucion\u00f3 en AliasVault Android 0.25.3."
    }
  ],
  "id": "CVE-2026-22694",
  "lastModified": "2026-03-05T13:45:38.950",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-01-14T17:16:08.810",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/aliasvault/aliasvault/commit/b3350473103d6138ab2b63ca130c211717eac67d"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Issue Tracking"
      ],
      "url": "https://github.com/aliasvault/aliasvault/issues/1440"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/aliasvault/aliasvault/pull/1441"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Release Notes"
      ],
      "url": "https://github.com/aliasvault/aliasvault/releases/tag/0.25.3"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Vendor Advisory",
        "Mitigation"
      ],
      "url": "https://github.com/aliasvault/aliasvault/security/advisories/GHSA-mvg4-wvjv-332q"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}
