CVE-2026-4217 | XREAL Nebula App up to 3.2.1 on Android ai.nreal.nebula.universal CloudStoragePlugin.java accessKey/secretAccessKey/securityToken key management

A vulnerability was found in XREAL Nebula App up to 3.2.1 on Android. It has been declared as problematic. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument accessKey/secretAccessKey/securityToken leads to key management error.

This vulnerability is referenced as CVE-2026-4217. The attack can only be performed from a local environment. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4217 | XREAL Nebula App up to 3.2.1 on Android ai.nreal.nebula.universal CloudStoragePlugin.java accessKey/secretAccessKey/securityToken key management

Post correlati

CVE-2024-11666 | hardy-barth cph2_echarge_firmware up to 2.0.4 data authenticity

CVE-2024-53140 | Linux Kernel up to 6.1.118/6.6.62/6.11.9 netlink state issue

CVE-2024-46781 | Linux Kernel up to 6.10.9 nilfs2 ns_dirty_files use after free

CVE-2024-12817 | coreymcollins Etsy Importer Plugin up to 1.4.2 on WordPress Shortcode product_link cross site scripting