Common Weakness Enumeration

CWE-926

Allowed

Improper Export of Android Application Components

Abstraction: Variant · Status: Incomplete

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

147 vulnerabilities reference this CWE, most recent first.

GHSA-FR9R-MWP9-H3CG

Vulnerability from github – Published: 2025-04-08 06:30 – Updated: 2025-04-08 06:30
VLAI
Details

Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20934"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-08T05:15:37Z",
    "severity": "MODERATE"
  },
  "details": "Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.",
  "id": "GHSA-fr9r-mwp9-h3cg",
  "modified": "2025-04-08T06:30:38Z",
  "published": "2025-04-08T06:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20934"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FRJW-RJ7C-PV43

Vulnerability from github – Published: 2025-07-20 15:30 – Updated: 2025-07-20 15:30
VLAI
Details

A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml of the component pro.foresightnews.appa. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7893"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-20T14:15:28Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml of the component pro.foresightnews.appa. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-frjw-rj7c-pv43",
  "modified": "2025-07-20T15:30:27Z",
  "published": "2025-07-20T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7893"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/pro.foresightnews.app.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/pro.foresightnews.app.md#steps-to-reproduce"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.317008"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.317008"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.615292"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-G4HQ-W2WM-2FP9

Vulnerability from github – Published: 2025-08-19 12:31 – Updated: 2025-08-19 12:31
VLAI
Details

A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: "After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9134"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-19T11:15:29Z",
    "severity": "MODERATE"
  },
  "details": "A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: \"After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it.\"",
  "id": "GHSA-g4hq-w2wm-2fp9",
  "modified": "2025-08-19T12:31:14Z",
  "published": "2025-08-19T12:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9134"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.320514"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.320514"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.615253"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-G7QH-99Q7-56QV

Vulnerability from github – Published: 2021-12-09 00:00 – Updated: 2023-06-26 21:30
VLAI
Details

Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-08T15:15:00Z",
    "severity": "LOW"
  },
  "details": "Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.",
  "id": "GHSA-g7qh-99q7-56qv",
  "modified": "2023-06-26T21:30:53Z",
  "published": "2021-12-09T00:00:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25527"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G7X3-MC24-PXM6

Vulnerability from github – Published: 2025-07-17 15:32 – Updated: 2025-07-17 15:32
VLAI
Details

Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-level permissions.

Version 1.4.4 is vulnerable, vendor reverted vulnerable versions to older version: 1.3.6

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5345"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-17T13:15:23Z",
    "severity": "MODERATE"
  },
  "details": "Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider \"com.bluebird.system.koreanpost.IsdcardRemoteService\". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device\u0027s storage with system-level permissions.\n\nVersion 1.4.4 is vulnerable, vendor reverted vulnerable versions to older version: 1.3.6",
  "id": "GHSA-g7x3-mc24-pxm6",
  "modified": "2025-07-17T15:32:15Z",
  "published": "2025-07-17T15:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5345"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2025/07/CVE-2025-5344"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-G933-MQC6-XP2V

Vulnerability from github – Published: 2024-03-05 00:31 – Updated: 2024-03-05 00:31
VLAI
Details

An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-04T22:15:46Z",
    "severity": "MODERATE"
  },
  "details": "An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization.",
  "id": "GHSA-g933-mqc6-xp2v",
  "modified": "2024-03-05T00:31:14Z",
  "published": "2024-03-05T00:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41829"
    },
    {
      "type": "WEB",
      "url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178272"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GF4F-9HJ7-657C

Vulnerability from github – Published: 2025-09-10 15:31 – Updated: 2025-09-10 15:31
VLAI
Details

A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. The attack can only be performed from a local environment. The exploit is publicly available and might be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9695"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-30T16:15:37Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. The attack can only be performed from a local environment. The exploit is publicly available and might be used.",
  "id": "GHSA-gf4f-9hj7-657c",
  "modified": "2025-09-10T15:31:14Z",
  "published": "2025-09-10T15:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9695"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/com.thinkyeah.galleryvault.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/com.thinkyeah.galleryvault.md#steps-to-reproduce"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.321906"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.321906"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.639039"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-GWM6-6596-7JRG

Vulnerability from github – Published: 2025-08-18 00:30 – Updated: 2025-08-18 00:30
VLAI
Details

A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cic_prod.bad. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-18T00:15:28Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cic_prod.bad. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-gwm6-6596-7jrg",
  "modified": "2025-08-18T00:30:30Z",
  "published": "2025-08-18T00:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9097"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/com.cic_prod.bad.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/com.cic_prod.bad.md#steps-to-reproduce"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.320419"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.320419"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.627899"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-GWQG-23X2-CWW4

Vulnerability from github – Published: 2024-09-30 15:30 – Updated: 2025-10-03 09:30
VLAI
Details

Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6051"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926",
      "CWE-99"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-30T13:15:02Z",
    "severity": "MODERATE"
  },
  "details": "Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK\u00a0in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13.",
  "id": "GHSA-gwqg-23x2-cww4",
  "modified": "2025-10-03T09:30:19Z",
  "published": "2024-09-30T15:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6051"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2024/09/CVE-2024-6051"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/posts/2024/09/CVE-2024-6051"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Clear",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H8RJ-9VPC-9RGC

Vulnerability from github – Published: 2024-05-03 15:30 – Updated: 2024-05-03 15:30
VLAI
Details

An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database. 

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41816"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T14:15:08Z",
    "severity": "MODERATE"
  },
  "details": "\nAn improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database.\u00a0\n\n",
  "id": "GHSA-h8rj-9vpc-9rgc",
  "modified": "2024-05-03T15:30:52Z",
  "published": "2024-05-03T15:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41816"
    },
    {
      "type": "WEB",
      "url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178874"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Build and Compilation

Strategy: Attack Surface Reduction

If they do not need to be shared by other applications, explicitly mark components with android:exported="false" in the application manifest.

Mitigation
Build and Compilation

Strategy: Attack Surface Reduction

If you only intend to use exported components between related apps under your control, use android:protectionLevel="signature" in the xml manifest to restrict access to applications signed by you.

Mitigation
Build and Compilation Architecture and Design

Strategy: Attack Surface Reduction

Limit Content Provider permissions (read/write) as appropriate.

Mitigation
Build and Compilation Architecture and Design

Strategy: Separation of Privilege

Limit Content Provider permissions (read/write) as appropriate.

No CAPEC attack patterns related to this CWE.