CVE-2026-13514 | Chess Play and Learn App up to 4.9.42 on Android com.chess AndroidManifest.xml backup

A vulnerability was found in Chess Play and Learn App up to 4.9.42 on Android. It has been rated as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere.

This vulnerability is handled as CVE-2026-13514. It is feasible to perform the attack on the physical device. Additionally, an exploit exists.

Upgrading the affected component is advised.

The vendor was informed early about this issue. They confirmed the existence and that they will address it. Furthermore, they explain that their bug bounty “explicitly excludes physical-access attacks”. However, they appreciate the quality of the report and aim at making a goodwill payment to the researcher.

CVE-2026-13514 | Chess Play and Learn App up to 4.9.42 on Android com.chess AndroidManifest.xml backup

Post correlati

CVE-2025-4537 | yangzongzhuan RuoYi-Vue up to 3.8.9 Password login.vue sensitive information in a cookie

CVE-2026-33368 | Zimbra Collaboration Suite 10.0/10.1 Webmail REST Interface /h/rest cross site scripting

CVE-2024-31411 | Apache StreamPipes up to 0.93.0 unrestricted upload

CVE-2025-1789 | Genetec Update Service prior 2.10.600 default permission