CWE-926
AllowedImproper Export of Android Application Components
Abstraction: Variant · Status: Incomplete
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
147 vulnerabilities reference this CWE, most recent first.
GHSA-FR9R-MWP9-H3CG
Vulnerability from github – Published: 2025-04-08 06:30 – Updated: 2025-04-08 06:30Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.
{
"affected": [],
"aliases": [
"CVE-2025-20934"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T05:15:37Z",
"severity": "MODERATE"
},
"details": "Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.",
"id": "GHSA-fr9r-mwp9-h3cg",
"modified": "2025-04-08T06:30:38Z",
"published": "2025-04-08T06:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20934"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FRJW-RJ7C-PV43
Vulnerability from github – Published: 2025-07-20 15:30 – Updated: 2025-07-20 15:30A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml of the component pro.foresightnews.appa. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-7893"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-20T14:15:28Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml of the component pro.foresightnews.appa. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-frjw-rj7c-pv43",
"modified": "2025-07-20T15:30:27Z",
"published": "2025-07-20T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7893"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/pro.foresightnews.app.md"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/pro.foresightnews.app.md#steps-to-reproduce"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.317008"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.317008"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.615292"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-G4HQ-W2WM-2FP9
Vulnerability from github – Published: 2025-08-19 12:31 – Updated: 2025-08-19 12:31A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: "After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it."
{
"affected": [],
"aliases": [
"CVE-2025-9134"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-19T11:15:29Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: \"After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it.\"",
"id": "GHSA-g4hq-w2wm-2fp9",
"modified": "2025-08-19T12:31:14Z",
"published": "2025-08-19T12:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9134"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.320514"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.320514"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.615253"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-G7QH-99Q7-56QV
Vulnerability from github – Published: 2021-12-09 00:00 – Updated: 2023-06-26 21:30Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.
{
"affected": [],
"aliases": [
"CVE-2021-25527"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-08T15:15:00Z",
"severity": "LOW"
},
"details": "Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.",
"id": "GHSA-g7qh-99q7-56qv",
"modified": "2023-06-26T21:30:53Z",
"published": "2021-12-09T00:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25527"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G7X3-MC24-PXM6
Vulnerability from github – Published: 2025-07-17 15:32 – Updated: 2025-07-17 15:32Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-level permissions.
Version 1.4.4 is vulnerable, vendor reverted vulnerable versions to older version: 1.3.6
{
"affected": [],
"aliases": [
"CVE-2025-5345"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-17T13:15:23Z",
"severity": "MODERATE"
},
"details": "Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider \"com.bluebird.system.koreanpost.IsdcardRemoteService\". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device\u0027s storage with system-level permissions.\n\nVersion 1.4.4 is vulnerable, vendor reverted vulnerable versions to older version: 1.3.6",
"id": "GHSA-g7x3-mc24-pxm6",
"modified": "2025-07-17T15:32:15Z",
"published": "2025-07-17T15:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5345"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2025/07/CVE-2025-5344"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-G933-MQC6-XP2V
Vulnerability from github – Published: 2024-03-05 00:31 – Updated: 2024-03-05 00:31An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization.
{
"affected": [],
"aliases": [
"CVE-2023-41829"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-04T22:15:46Z",
"severity": "MODERATE"
},
"details": "An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization.",
"id": "GHSA-g933-mqc6-xp2v",
"modified": "2024-03-05T00:31:14Z",
"published": "2024-03-05T00:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41829"
},
{
"type": "WEB",
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178272"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GF4F-9HJ7-657C
Vulnerability from github – Published: 2025-09-10 15:31 – Updated: 2025-09-10 15:31A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. The attack can only be performed from a local environment. The exploit is publicly available and might be used.
{
"affected": [],
"aliases": [
"CVE-2025-9695"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-30T16:15:37Z",
"severity": "MODERATE"
},
"details": "A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. The attack can only be performed from a local environment. The exploit is publicly available and might be used.",
"id": "GHSA-gf4f-9hj7-657c",
"modified": "2025-09-10T15:31:14Z",
"published": "2025-09-10T15:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9695"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.thinkyeah.galleryvault.md"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.thinkyeah.galleryvault.md#steps-to-reproduce"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.321906"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.321906"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.639039"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GWM6-6596-7JRG
Vulnerability from github – Published: 2025-08-18 00:30 – Updated: 2025-08-18 00:30A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cic_prod.bad. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-9097"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-18T00:15:28Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cic_prod.bad. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-gwm6-6596-7jrg",
"modified": "2025-08-18T00:30:30Z",
"published": "2025-08-18T00:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9097"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.cic_prod.bad.md"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.cic_prod.bad.md#steps-to-reproduce"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.320419"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.320419"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.627899"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GWQG-23X2-CWW4
Vulnerability from github – Published: 2024-09-30 15:30 – Updated: 2025-10-03 09:30Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13.
{
"affected": [],
"aliases": [
"CVE-2024-6051"
],
"database_specific": {
"cwe_ids": [
"CWE-926",
"CWE-99"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-30T13:15:02Z",
"severity": "MODERATE"
},
"details": "Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK\u00a0in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13.",
"id": "GHSA-gwqg-23x2-cww4",
"modified": "2025-10-03T09:30:19Z",
"published": "2024-09-30T15:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6051"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2024/09/CVE-2024-6051"
},
{
"type": "WEB",
"url": "https://cert.pl/posts/2024/09/CVE-2024-6051"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Clear",
"type": "CVSS_V4"
}
]
}
GHSA-H8RJ-9VPC-9RGC
Vulnerability from github – Published: 2024-05-03 15:30 – Updated: 2024-05-03 15:30An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database.
{
"affected": [],
"aliases": [
"CVE-2023-41816"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T14:15:08Z",
"severity": "MODERATE"
},
"details": "\nAn improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database.\u00a0\n\n",
"id": "GHSA-h8rj-9vpc-9rgc",
"modified": "2024-05-03T15:30:52Z",
"published": "2024-05-03T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41816"
},
{
"type": "WEB",
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178874"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Attack Surface Reduction
If they do not need to be shared by other applications, explicitly mark components with android:exported="false" in the application manifest.
Mitigation
Strategy: Attack Surface Reduction
If you only intend to use exported components between related apps under your control, use android:protectionLevel="signature" in the xml manifest to restrict access to applications signed by you.
Mitigation
Strategy: Attack Surface Reduction
Limit Content Provider permissions (read/write) as appropriate.
Mitigation
Strategy: Separation of Privilege
Limit Content Provider permissions (read/write) as appropriate.
No CAPEC attack patterns related to this CWE.