CVE-2026-4218 | myAEDES App up to 1.18.4 on Android aedes.me.beta EngageBayUtils.java AUTH_KEY information disclosure

Inserito da Angelo Barbosa | Mar 15, 2026 | CVE

A vulnerability was found in myAEDES App up to 1.18.4 on Android. It has been rated as problematic. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH_KEY results in information disclosure.

This vulnerability is identified as CVE-2026-4218. The attack is only possible with local access. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4218 | myAEDES App up to 1.18.4 on Android aedes.me.beta EngageBayUtils.java AUTH_KEY information disclosure

Post correlati

CVE-2025-5921 | SureForms Plugin up to 1.7.1 on WordPress cross site scripting

CVE-2023-4729 | LadiApp Plugin up to 4.4 on WordPress publish_lp cross-site request forgery

CVE-2024-36790 | Netgear WNR614/N300 cleartext storage

CVE-2024-26897 | Linux Kernel up to 6.8.1 wifi ath9k_wmi_event_tasklet null pointer dereference