CVE-2026-5456 | Align Technology My Invisalign App 3.12.4 on Android com.aligntech.myinvisalign.emea BuildConfig.java CDAACCESS_TOKEN hard-coded key

A vulnerability has been found in Align Technology My Invisalign App 3.12.4 on Android and classified as problematic. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESS_TOKEN leads to use of hard-coded cryptographic key
.

This vulnerability is listed as CVE-2026-5456. The attack must be carried out locally. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5456 | Align Technology My Invisalign App 3.12.4 on Android com.aligntech.myinvisalign.emea BuildConfig.java CDAACCESS_TOKEN hard-coded key

Post correlati

CVE-2023-6814 | Hitachi Cosminexus Component Container prior 11-00-12/11-30-05 log file (sec-2024-118)

CVE-2024-36515 | Zoho ManageEngine ADAudit Plus up to 7999 Dashboard sql injection

CVE-2025-8832 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 up to 20250801 /goform/setDMZ DMZIPAddress stack-based overflow

Elementor Addon Elements Plugin authorization