CVE-2026-4218

LOW 2.5

myAEDES App aedes.me.beta EngageBayUtils.java information disclosure

CVSS Score

2.5

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH_KEY results in information disclosure. The attack is only possible with local access. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-200 CWE-284
Vendor	n/a
Product	myaedes app
Published	Mar 16, 2026
Last Updated	Mar 16, 2026

Stay Ahead of the Next One

Get instant alerts for n/a myaedes app

Be the first to know when new low vulnerabilities affecting n/a myaedes app are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / myAEDES App

1.18.0 1.18.1 1.18.2 1.18.3 1.18.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.351142 vuldb.com: https://vuldb.com/?ctiid.351142 vuldb.com: https://vuldb.com/?submit.770509 notion.so: https://www.notion.so/Authorization-Credential-Exposure-Leading-to-Data-Leakage-in-aedes-me-beta-app-3172de3f97fb8018abc9c25a878f5845?source=copy_link

Credits

🔍 fxizenta (VulDB User) VulDB